Static task
static1
Behavioral task
behavioral1
Sample
KoinoSSClient.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
KoinoSSClient.exe
Resource
win10v2004-20231215-en
General
Target
8b28c7166d1ef5ccc32561b7d1f42f92
Size
186KB
MD5
8b28c7166d1ef5ccc32561b7d1f42f92
SHA1
2b6eec4efabf4114e24957f6a9d26b8c2718977e
SHA256
0409573854d639777ac577a59b46914917172454f9836c6a10f3ab221fe067f4
SHA512
07a3acf39d48e7b60fa85875956cc278671dbafe647ddc45a81051058a1dd36fd68291495be0a06243b1c22036aae5b5faa211f7af15b17dc9480ee8f642725e
SSDEEP
3072:rMrtq+RHJo3Sn9klpL7qKvXKvF1eG6TuxCpPhBxrliUb+dEO/nYsMid4RqHGLruI:QrY+VJKSnGoacuTuxK/UdEAMfRqHGR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/KoinoSSClient.exe
Files
8b28c7166d1ef5ccc32561b7d1f42f92.zip
KoinoSSClient.exe.exe windows:4 windows x86 arch:x86
69e03c1b8c843184a8e8f1e612932dbc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
kernel32
TerminateProcess
GetCurrentProcessId
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
DeleteFileA
GetTempFileNameA
GetTempPathA
lstrlenA
GetSystemDirectoryA
lstrcpyA
GetLastError
TlsGetValue
LoadLibraryA
FreeLibrary
GetVersionExA
Sleep
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
InitializeCriticalSection
ReadFile
SetStdHandle
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetFilePointer
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetLastError
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
GetFileAttributesA
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetCurrentProcess
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetEnvironmentStrings
user32
LoadStringA
advapi32
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptGenRandom
urlmon
URLDownloadToFileA
ws2_32
gethostname
getservbyport
gethostbyaddr
getservbyname
inet_addr
gethostbyname
inet_ntoa
setsockopt
WSACleanup
WSAStartup
shutdown
recv
send
accept
connect
listen
bind
htonl
htons
socket
closesocket
WSASetLastError
WSAGetLastError
ntohs
Sections
.text Size: 328KB - Virtual size: 326KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE