1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654

Sharing

Copy URL

Twitter E-mail

General

Target

1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654
Size

649KB
MD5

fd6f6e9b801c2c0e18441110440edaae
SHA1

42febe82cf2abe7051423bd007294987bfef4f8c
SHA256

1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654
SHA512

cf7875543f185730a03e8264cd3a96ca5262d96b68c43a1b9ce536b843f5cb037a1397e9826dcde92591478dbd6409ec19b331cc9a8b30861a9bbd12537a87cb
SSDEEP

12288:vdAzlliAgN52ViezY0gBwHqXbblb1Zn3SHNQmuiGQgeGYMqyM4pFuC7Ra8TgdZp:vdrMie0bb1Zn3SHCPivoYR4pHTg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654

Files

1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654
.exe windows:5 windows x86

4ed143473068265aedef8d0501dce45c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

advapi32

CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
CryptHashData
CryptDestroyHash
CryptAcquireContextA

ws2_32

setsockopt
listen
ioctlsocket
gethostname
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
recvfrom
connect
getpeername
getsockopt
bind
ntohs
getsockname
accept
WSAIoctl
send
recv
select
__WSAFDIsSet
WSASetLastError
htons
sendto
socket
closesocket
getaddrinfo

crypt32

CertFreeCertificateContext

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord22
ord211
ord143
ord60

kernel32

EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetLocaleInfoW
GetModuleFileNameW
GetStartupInfoW
SetHandleCount
HeapCreate
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
HeapReAlloc
ExitThread
LoadLibraryW
GetCurrentDirectoryW
WriteConsoleW
GetTimeZoneInformation
RtlUnwind
RaiseException
HeapSetInformation
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetFileSize
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleExA
CompareStringW
SetFilePointer
CreateFileA
SetEndOfFile
SystemTimeToFileTime
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
WriteFile
FileTimeToSystemTime
OutputDebugStringA
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
GetTickCount
GetProcAddress
GetModuleHandleA
GetNativeSystemInfo
GetComputerNameExA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
QueryDosDeviceA
GetLogicalDriveStringsA
LocalFree
FormatMessageA
GetCurrentProcess
OpenProcess
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
WaitForSingleObject
CreateToolhelp32Snapshot
ResumeThread
TerminateProcess
CreateProcessA
Process32Next
Process32First
GetFileAttributesExA
ReadFile
HeapFree
GetProcessHeap
CreateEventA
LoadLibraryA
HeapAlloc
CreateFileW
TlsGetValue
TlsSetValue
TlsAlloc
SetEvent
TerminateThread
CreateThread
GetModuleHandleW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TlsFree
PostQueuedCompletionStatus
InterlockedExchangeAdd
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
VerSetConditionMask
SetWaitableTimer
CreateIoCompletionPort
QueueUserAPC
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
InterlockedCompareExchange
GetSystemTimeAsFileTime
ReleaseSemaphore
OpenEventA
ResetEvent
FreeLibrary
SleepEx
GetSystemDirectoryA
PeekNamedPipe
GetFileType
GetStdHandle
GetCommandLineA
DecodePointer
EncodePointer
SetEnvironmentVariableA
CloseHandle
GetDriveTypeW

user32

GetWindowThreadProcessId
FindWindowA
wsprintfA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ed143473068265aedef8d0501dce45c

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

advapi32

ws2_32

crypt32

wldap32

kernel32

user32

psapi

Sections

.text Size: 473KB - Virtual size: 472KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 19KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 473KB - Virtual size: 472KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 19KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 42KB - Virtual size: 41KB