b68c52a25d0e699bb34ca9dd144083d92c9199a98b8559fac3afa42d04d6a084

Sharing

Copy URL Twitter E-mail

General

Target

b68c52a25d0e699bb34ca9dd144083d92c9199a98b8559fac3afa42d04d6a084
Size

828KB
MD5

af418d2ca470f48d40cb89e34e228213
SHA1

b79421570a43742dcac4d5b31534d40267fe664d
SHA256

b68c52a25d0e699bb34ca9dd144083d92c9199a98b8559fac3afa42d04d6a084
SHA512

ae5693b4ee8f02ad028865acdb4f4bfe43554552fc7a20f9d54a8b0ac24d77facee2838105f3dbd664e7794f547fb83a9b53c62f425f83caf4c01fd7fe1edea7
SSDEEP

24576:/Z7w9lO+mwPw3kdJAg3Ema4NEV3Rla1s9DUzjiLEwxDrFSzCgOki:/Z7w9lO+ZPw3kdJA2EmJNEV3Rla1slUU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b68c52a25d0e699bb34ca9dd144083d92c9199a98b8559fac3afa42d04d6a084

Files

b68c52a25d0e699bb34ca9dd144083d92c9199a98b8559fac3afa42d04d6a084
.exe windows:4 windows x86 arch:x86

892c556a350abd51c2320274d06f481f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Sleep
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
GetFileAttributesA
WriteFile
GetLocalTime
GetFileSize
CreateDirectoryA
CreateFileA
GetLocaleInfoW
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetEnvironmentVariableA
GetProcAddress
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
FreeLibrary
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
CompareStringW
GetTickCount
GetLastError
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
PulseEvent
GetTempPathA
GetFileInformationByHandle
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceA
ReadFile
GetSystemInfo
DeleteFileA
MoveFileExA
MoveFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetSystemTime
GetVersion
RtlUnwind
HeapFree
HeapAlloc
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
RaiseException
HeapSize
GetTimeZoneInformation
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
GetCurrentProcessId

user32

SendMessageA
KillTimer
GetDlgItemTextA
EndDialog
BeginPaint
EndPaint
MoveWindow
PostQuitMessage
DestroyWindow
DefWindowProcA
CreateWindowExA
SetTimer
ShowWindow
UpdateWindow
GetClientRect
LoadIconA
LoadCursorA
RegisterClassExA
DialogBoxParamA
MessageBoxA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostMessageA

ws2_32

inet_ntoa
inet_addr

lualibdll

lua_pushstring
lua_tonumber
lua_gettop
lua_tostring

engine

?LoadBuffer@KLuaScript@@QAEHPAEK@Z
?ExecuteCode@KLuaScript@@QAEHXZ
?Init@KLuaScript@@UAEHXZ
?RegisterFunctions@KLuaScript@@QAEHQAUTLua_Funcs@@H@Z
??1KLuaScript@@UAE@XZ
??0KLuaScript@@QAE@XZ
?KSG_StringToMD5String@@YAHQADQBD@Z

Sections

.text
Size: 736KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

892c556a350abd51c2320274d06f481f

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

lualibdll

engine

Sections

.text Size: 736KB - Virtual size: 733KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 44KB - Virtual size: 2.4MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 736KB - Virtual size: 733KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 44KB - Virtual size: 2.4MB

.rsrc
Size: 4KB - Virtual size: 3KB