bae6d0803977d7ee2390a44f865d1dfe7c771189ee66edb5db4135a55d6c2292

Sharing

Copy URL Twitter E-mail

General

Target

bae6d0803977d7ee2390a44f865d1dfe7c771189ee66edb5db4135a55d6c2292
Size

1.9MB
MD5

2329054cdf64fe648fe555e5ce8e002e
SHA1

0fdc106b6784ba41dc263b2669740703863787ed
SHA256

bae6d0803977d7ee2390a44f865d1dfe7c771189ee66edb5db4135a55d6c2292
SHA512

0696f5e89bf75a99b0b4bb499b575a5eeacd46b4421063808bb165fa6419bdc17a556af722d82d0b872d9dad3bef5876603a4880b0ca4667d74ea581fe1b644d
SSDEEP

49152:dx+QAl1HFhyyF69vBwVO1nxekYZGnJOrgt0h4KaqrznAhspFK:LKrFF69JwVkn8zsAKQ4Kr7p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bae6d0803977d7ee2390a44f865d1dfe7c771189ee66edb5db4135a55d6c2292

Files

bae6d0803977d7ee2390a44f865d1dfe7c771189ee66edb5db4135a55d6c2292
.exe windows:5 windows x86

e7f0ea1bdc50717cb6c31299fb261623

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hpsocket_u

SYS_GZipUncompress
HP_GetSocketErrorDesc
HP_Destroy_HttpSyncClient
HP_Create_HttpSyncClient
HP_Destroy_TcpServer
SYS_GZipGuessUncompressBound
HP_Create_TcpServer

ws2_32

ioctlsocket
getsockopt
htons
inet_addr
inet_ntoa
connect
select
send
setsockopt
socket
gethostbyname
closesocket
__WSAFDIsSet
recv
WSAGetLastError
WSAStartup

kernel32

WideCharToMultiByte
RtlCaptureContext
GetProcAddress
VirtualQueryEx
GetCurrentProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
SetErrorMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
CloseHandle
GetLocalTime
CreateSemaphoreW
LoadLibraryA
GetModuleFileNameW
CreateFileW
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
SetEvent
Sleep
LoadResource
SizeofResource
lstrcmpiW
lstrcpyW
CreateMutexW
CreateEventW
LoadLibraryExW
GetModuleHandleW
GetCommandLineW
FindResourceW
CreateDirectoryW
MoveFileW
SetLastError
FindClose
FindNextFileW
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetProcessHeap
GetCurrentThreadId
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
TryEnterCriticalSection
GetOverlappedResult
WaitForMultipleObjects
GetPrivateProfileIntW
GetPrivateProfileStringW
CancelIo
ReadDirectoryChangesW
GetStdHandle
ExitProcess
ReadConsoleW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSize
SetEnvironmentVariableA
GetModuleHandleExW
ExitThread
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetTimeZoneInformation
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
GetStringTypeW
EncodePointer
DuplicateHandle
GetCurrentThread
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
ResetEvent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
CharNextW
LoadStringW
MessageBoxW

advapi32

RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
DeregisterEventSource

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
StringFromGUID2

oleaut32

UnRegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysFreeString

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7f0ea1bdc50717cb6c31299fb261623

Headers

DLL Characteristics

File Characteristics

Imports

hpsocket_u

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

dbghelp

version

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 255KB - Virtual size: 254KB

.data Size: 27KB - Virtual size: 35KB

.tls Size: 512B - Virtual size: 133B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 255KB - Virtual size: 254KB

.data
Size: 27KB - Virtual size: 35KB

.tls
Size: 512B - Virtual size: 133B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 61KB - Virtual size: 60KB