7990cde7c8342040283d08818c4e7e62d349ba3553b464953666718463e5ca24

Sharing

Copy URL Twitter E-mail

General

Target

7990cde7c8342040283d08818c4e7e62d349ba3553b464953666718463e5ca24
Size

5.6MB
MD5

943bab2e37ffef93d4b6b38569c2ec00
SHA1

73bf2b1d817a510e6c23683bafc292f639d8dc38
SHA256

7990cde7c8342040283d08818c4e7e62d349ba3553b464953666718463e5ca24
SHA512

671495f682f13dff32d1030b342f78be76bb7776dc4eaa682ec6d59f7eff307706954ba5d1dcaad49b7b9196518441a0b04741612b00b692053135b07e586c38
SSDEEP

98304:/x2VxZSTTCX9btpHKjlDEL0I0YVSRQZE0ao+ivTFTSOGBRzocFxxPcU:/sSTTS3HKjlAopYVZX+irFTSOGBRUAxO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7990cde7c8342040283d08818c4e7e62d349ba3553b464953666718463e5ca24

Files

7990cde7c8342040283d08818c4e7e62d349ba3553b464953666718463e5ca24
.exe windows:5 windows x86 arch:x86

3213f0aacb982488efaa5358d5179663

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
select
WSAAsyncSelect
ntohs
getsockname
recv
send
gethostbyname
connect
inet_addr
htons
socket
closesocket
WSAStartup

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateMutexA
OpenFileMappingA
CreateFileMappingA
OpenEventA
CreateEventA
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerA
SetWaitableTimer
VirtualProtect
GetFileAttributesA
CreateToolhelp32Snapshot
Module32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateFileA
Process32First
Process32Next
LeaveCriticalSection
VirtualFree
GetCurrentProcessId
CloseHandle
IsDebuggerPresent
Sleep
OpenProcess
WriteProcessMemory
GetCurrentProcess
LocalAlloc
LocalFree
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
WriteFile
GetModuleFileNameA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
VirtualAlloc
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
SendMessageA
MessageBoxA
CreateWindowStationA
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
IsWindowVisible
GetMessageA
UpdateWindow
CreateDialogIndirectParamA
PeekMessageA
wsprintfA
SetWindowLongA
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

calloc
_stricmp
realloc
memmove
strchr
strrchr
srand
modf
__CxxFrameHandler
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_atoi64
atof
atoi
_ftol
free
malloc
strtod
_CIfmod
strncpy
strncmp

Sections

.text
Size: - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FQA0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FQA1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3213f0aacb982488efaa5358d5179663

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

shell32

msvcrt

Sections

.text Size: - Virtual size: 250KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 133KB

.FQA0 Size: - Virtual size: 3.7MB

.FQA1 Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 1024B - Virtual size: 608B

.text
Size: - Virtual size: 250KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 133KB

.FQA0
Size: - Virtual size: 3.7MB

.FQA1
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 1024B - Virtual size: 608B