94fc38976af3ffbd084c25f386f0096068642ff9b6df25efd11832515d685077

Sharing

Copy URL Twitter E-mail

General

Target

94fc38976af3ffbd084c25f386f0096068642ff9b6df25efd11832515d685077
Size

588KB
MD5

4e218559d4efe4abe92e7c1fdaf0ec6c
SHA1

311b0e7a19d0ef68960cc736532be00668b6cc03
SHA256

94fc38976af3ffbd084c25f386f0096068642ff9b6df25efd11832515d685077
SHA512

bd802d920e5a1f82235803606d72c15d4100d044850358df4e87491b60d259af45fb571105bd0eb19884cbfd36a977836f0b9a96c1cd16d6d9bb18bc92287384
SSDEEP

12288:FjCX4MOJkcMrmBU9uki+ruX8hs0BAcTveri0THQ39J/VL3EcvuT:M4xKrmy9umDTBAcreri0jQNhVIjT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fc38976af3ffbd084c25f386f0096068642ff9b6df25efd11832515d685077

Files

94fc38976af3ffbd084c25f386f0096068642ff9b6df25efd11832515d685077
.exe windows:4 windows x86 arch:x86

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreatePipe
PeekNamedPipe
ReadFile
GetExitCodeProcess
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetFileSize
GetStartupInfoA
SetFileAttributesA
GetLocalTime
SetFilePointer
MoveFileA
WritePrivateProfileStringA
GetTickCount
DeleteFileA
Sleep
GetVersionExA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteFile
LCMapStringW
FlushFileBuffers
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
TerminateThread
GetExitCodeThread
GetCurrentProcess
GetCurrentProcessId
OpenProcess
Process32First
TerminateProcess
GetEnvironmentVariableA
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
LocalSize
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
CreateProcessA
lstrcpyn
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryA
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetSystemWow64DirectoryA
GetProcAddress
GetModuleHandleA
CloseHandle
Process32Next
CreateToolhelp32Snapshot
WideCharToMultiByte
GlobalFree
RtlMoveMemory
GlobalAlloc
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
GetTempPathA
GetSystemDirectoryA
GetLastError
DeleteCriticalSection
GetVersion
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
GetInputState
PostMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
FindWindowExA

advapi32

ChangeServiceConfig2A
CryptAcquireContextA
CryptCreateHash
RegCreateKeyExA
RegFlushKey
EnumDependentServicesA
EnumServicesStatusExA
EnumServicesStatusA
ChangeServiceConfigA
ControlService
StartServiceA
DeleteService
CreateServiceA
GetServiceKeyNameA
GetServiceDisplayNameA
QueryServiceConfig2A
QueryServiceConfigA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnableReflectionKey
RegDisableReflectionKey
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
GetUserNameA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup
WSAGetLastError
inet_addr
connect
inet_ntoa
send
__WSAFDIsSet
select
closesocket
htons
socket
shutdown
ioctlsocket
recv

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA

dbghelp

MakeSureDirectoryPathExists

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 775KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 811B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

dbghelp

oleaut32

Sections

.text Size: - Virtual size: 280KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 775KB

.upx0 Size: - Virtual size: 48KB

.upx1 Size: 580KB - Virtual size: 579KB

.rsrc Size: 4KB - Virtual size: 811B

.text
Size: - Virtual size: 280KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 775KB

.upx0
Size: - Virtual size: 48KB

.upx1
Size: 580KB - Virtual size: 579KB

.rsrc
Size: 4KB - Virtual size: 811B