ac3427df9855afcd29f5a85573e3e32437ee2695e2e4d456889bb594e6068924

Sharing

Copy URL

Twitter E-mail

General

Target

ac3427df9855afcd29f5a85573e3e32437ee2695e2e4d456889bb594e6068924
Size

588KB
MD5

8da6eae3abead9c41bd1b65fb48b9c28
SHA1

69967c083a4cf05361d7b1c3cae06844d40dcb66
SHA256

ac3427df9855afcd29f5a85573e3e32437ee2695e2e4d456889bb594e6068924
SHA512

7ae582e4bd279c1733ac991b5d0fe5c8b22f7589abd1792fdae02442065b122f6d1fa48f60766329113731751d31b5f88234e451fb2377fd32707fe6184e9cff
SSDEEP

12288:Or+Cu0Q5PuhoVncbfF0fHx8QdB/NtfakNp8z2uDpTKubP4ofC0yqCt:Or+5dnncbfSfRvdDtfa8uDtUYZCt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac3427df9855afcd29f5a85573e3e32437ee2695e2e4d456889bb594e6068924

Files

ac3427df9855afcd29f5a85573e3e32437ee2695e2e4d456889bb594e6068924
.exe windows:4 windows x86 arch:x86

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreatePipe
PeekNamedPipe
ReadFile
GetExitCodeProcess
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetFileSize
GetStartupInfoA
SetFileAttributesA
GetLocalTime
SetFilePointer
MoveFileA
WritePrivateProfileStringA
GetTickCount
DeleteFileA
Sleep
GetVersionExA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteFile
LCMapStringW
FlushFileBuffers
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
TerminateThread
GetExitCodeThread
GetCurrentProcess
GetCurrentProcessId
OpenProcess
Process32First
TerminateProcess
GetEnvironmentVariableA
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
LocalSize
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
CreateProcessA
lstrcpyn
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryA
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetSystemWow64DirectoryA
GetProcAddress
GetModuleHandleA
CloseHandle
Process32Next
CreateToolhelp32Snapshot
WideCharToMultiByte
GlobalFree
RtlMoveMemory
GlobalAlloc
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
GetTempPathA
GetSystemDirectoryA
GetLastError
DeleteCriticalSection
GetVersion
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
GetInputState
PostMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
FindWindowExA

advapi32

ChangeServiceConfig2A
CryptAcquireContextA
CryptCreateHash
RegCreateKeyExA
RegFlushKey
EnumDependentServicesA
EnumServicesStatusExA
EnumServicesStatusA
ChangeServiceConfigA
ControlService
StartServiceA
DeleteService
CreateServiceA
GetServiceKeyNameA
GetServiceDisplayNameA
QueryServiceConfig2A
QueryServiceConfigA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnableReflectionKey
RegDisableReflectionKey
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
GetUserNameA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup
WSAGetLastError
inet_addr
connect
inet_ntoa
send
__WSAFDIsSet
select
closesocket
htons
socket
shutdown
ioctlsocket
recv

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA

dbghelp

MakeSureDirectoryPathExists

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 811B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

dbghelp

oleaut32

Sections

.text Size: - Virtual size: 280KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 774KB

.upx0 Size: - Virtual size: 46KB

.upx1 Size: 580KB - Virtual size: 579KB

.rsrc Size: 4KB - Virtual size: 811B

.text
Size: - Virtual size: 280KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 774KB

.upx0
Size: - Virtual size: 46KB

.upx1
Size: 580KB - Virtual size: 579KB

.rsrc
Size: 4KB - Virtual size: 811B