feb2a0f531bc24a318e95984774a79896e10a4cfd94bbf86a19023160b9e1b12

Sharing

Copy URL Twitter E-mail

General

Target

feb2a0f531bc24a318e95984774a79896e10a4cfd94bbf86a19023160b9e1b12
Size

4.6MB
MD5

9a20d3066c265405b0052e57f235b24c
SHA1

71e022fbbef28aef4f162a491d0b28b7d17a5b20
SHA256

feb2a0f531bc24a318e95984774a79896e10a4cfd94bbf86a19023160b9e1b12
SHA512

8a92f5b9c4ef5d8230364788bdb3466fb306a07fe1135a4ac15cce0c023743924447407154efef034f776b6c6db2307cb7f402a5dabc045ee906ee54de9f9003
SSDEEP

98304:OdqRr23ChXgJzsFLmpTB82r34GDHLF0ydVzJLf8s:r2Ch1lmA2rrzz5f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
feb2a0f531bc24a318e95984774a79896e10a4cfd94bbf86a19023160b9e1b12

Files

feb2a0f531bc24a318e95984774a79896e10a4cfd94bbf86a19023160b9e1b12
.exe windows:5 windows x64 arch:x64

8ddcc134353f4d087fff0a30d2cd62ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

socket
inet_addr
htons
connect
send
shutdown
closesocket
WSAStartup
WSACleanup

mfc100

ord10577
ord3275
ord10712
ord7931
ord13599
ord13598
ord13670
ord13687
ord13683
ord13685
ord13686
ord13684
ord2353
ord7057
ord2785
ord2788
ord12181
ord5319
ord2659
ord2877
ord2878
ord9171
ord12920
ord9701
ord7833
ord10754
ord6423
ord8250
ord4340
ord1426
ord7190
ord11428
ord4189
ord3270
ord1872
ord316
ord9724
ord1188
ord776
ord1294
ord4124
ord1947
ord11311
ord1948
ord4123
ord1461
ord11125
ord7038
ord7283
ord306
ord13144
ord321
ord7766
ord10794
ord5973
ord9688
ord8047
ord2754
ord12284
ord10877
ord10875
ord1474
ord1481
ord1487
ord1485
ord1492
ord4218
ord4255
ord4226
ord4238
ord4234
ord4230
ord4260
ord4251
ord4222
ord4264
ord4243
ord4209
ord4213
ord4246
ord3849
ord13605
ord3842
ord2573
ord12928
ord6807
ord12926
ord5887
ord10366
ord12138
ord5046
ord2285
ord10747
ord3355
ord2852
ord2851
ord2753
ord10790
ord4920
ord8982
ord8001
ord5562
ord369
ord1863
ord344
ord10654
ord300
ord1291
ord3479
ord908
ord1272
ord265
ord3285
ord3934
ord266
ord1895
ord2028
ord2022
ord2024
ord1953
ord1969
ord889
ord924
ord1266
ord7286
ord7213
ord11410
ord13393
ord4555
ord2116
ord11106
ord11107
ord12927
ord6806
ord12925
ord8182
ord3535
ord3477
ord11489
ord6823
ord1709
ord13700
ord10609
ord12808
ord11099
ord6868
ord13109
ord13106
ord13111
ord13108
ord13110
ord13107
ord3288
ord5031
ord10859
ord10867
ord7063
ord9145
ord10871
ord10840
ord11470
ord4458
ord4722
ord4892
ord8135
ord4700
ord4895
ord4461
ord4597
ord4445
ord6640
ord6641
ord6631
ord4595
ord1275
ord7065
ord8977
ord8000
ord5871
ord876
ord9095
ord6580
ord1274
ord10054
ord893
ord2051
ord2002
ord1906
ord322
ord2049

msvcr100

__set_app_type
_fmode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_mbsnbcpy_s
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__C_specific_handler
_setmbcp
_CxxThrowException
sprintf
fopen
fscanf
fclose
memcmp
memset
_recalloc
__CxxFrameHandler3
_purecall
_resetstkoflw
strcat_s
wcsncpy_s
strcpy_s
memcpy_s
free
malloc
_mbsstr
_commode
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ

kernel32

GetModuleHandleA
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
GetProcAddress
LoadLibraryExA
GetCommandLineA
GetCurrentThreadId
CloseHandle
WaitForSingleObject
CreateProcessA
SetCurrentDirectoryA
LocalFree
LocalAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
FindResourceA
Sleep
EncodePointer
DecodePointer
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
MultiByteToWideChar
RtlCaptureContext
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount

user32

PostMessageA
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
CharNextW
CharNextA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

GetErrorInfo
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantClear

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.virbox1
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.virbox2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ddcc134353f4d087fff0a30d2cd62ef

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

mfc100

msvcr100

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 2KB

.virbox1 Size: 4.5MB - Virtual size: 4.5MB

.virbox2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 2KB

.virbox1
Size: 4.5MB - Virtual size: 4.5MB

.virbox2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 7KB