c0abf9d3aa774cd4ba0b19bbdfb1a253c8ceba945c4db94bf1430be977840ee0

Sharing

Copy URL Twitter E-mail

General

Target

c0abf9d3aa774cd4ba0b19bbdfb1a253c8ceba945c4db94bf1430be977840ee0
Size

780KB
MD5

fc78dd79e088b3e7c4c6b05f89729b28
SHA1

965e56712837ef75fdfd7ee7bd289ffc6dd60b7a
SHA256

c0abf9d3aa774cd4ba0b19bbdfb1a253c8ceba945c4db94bf1430be977840ee0
SHA512

a13df8510f6f263dd63c70dc68694d8ea2dace1fdf05d41fad48f314de5be4f2f63c6cf72c57bd732c73fad7d349361077ebd928df85b6f433d739c5302b7214
SSDEEP

12288:Gi6yRBcynN9bEuIW68LsJJ/pWjTc3z0KrEXdRHZAJau5LS4Z7zIbyUHYWgxAw3o8:Gi6yRy4vTOrEHOJa07zIbyCOe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0abf9d3aa774cd4ba0b19bbdfb1a253c8ceba945c4db94bf1430be977840ee0

Files

c0abf9d3aa774cd4ba0b19bbdfb1a253c8ceba945c4db94bf1430be977840ee0
.exe windows:5 windows x86

6ac3183129195845d2ac3fde6eafb8e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA

ws2_32

__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
WSACleanup
getpeername
getsockname
ntohs
connect
WSAAddressToStringW
WSARecv
getsockopt
htonl
htons
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
WSAStartup

kernel32

CreateFileW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
SetFilePointerEx
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
GetTimeZoneInformation
GetFileType
GetConsoleMode
GetModuleFileNameA
GetFileSizeEx
CreateFileA
DeleteFileA
CloseHandle
GetLocalTime
InterlockedExchange
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
InterlockedCompareExchange
InterlockedDecrement
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
Sleep
GetLastError
SetEvent
TerminateThread
TlsAlloc
InterlockedExchangeAdd
QueueUserAPC
GetProcAddress
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
InterlockedIncrement
TlsFree
WriteConsoleW
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
TryEnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
InitializeSListHead
FormatMessageA
LocalFree
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
ReadConsoleW
HeapSize
SetEndOfFile
CreateIoCompletionPort
GetStartupInfoW
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetConsoleCP

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptEnumProvidersA

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ac3183129195845d2ac3fde6eafb8e6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

kernel32

advapi32

Sections

.text Size: 578KB - Virtual size: 578KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 26KB - Virtual size: 30KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 578KB - Virtual size: 578KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 26KB - Virtual size: 30KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB