Static task: static1
Behavioral task: behavioral1
Sample: 185732c17f9cbcb12add23930b87a8ed.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 185732c17f9cbcb12add23930b87a8ed.exe
Resource: win10v2004-20231215-en
General
Target: 185732c17f9cbcb12add23930b87a8ed
Size: 326KB
MD5: 185732c17f9cbcb12add23930b87a8ed
SHA1: d238606f197571d7e4c93f8bc9c1c223329efa45
SHA256: e3bf3191f8e921702b7ccb8f41dffa5209376417d3bd74b9861b7eaaf67626ed
SHA512: c9dbf68061d7f28c67ef640a119aa73cc74d1a7cb5702dab72dc52e604e1ed5d34a5d30de680a7db2aafc240ca1aa701f2bb35160ebd7767dd0a1178bbceeb3f
SSDEEP: 6144:6TIhQvFAS82J6uYPTBt2cDeRTqkIoIirC5efi1whiinjfer94UKL:6T1vV8285aRTqbtOCTaiirer94DL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 185732c17f9cbcb12add23930b87a8ed
Files
185732c17f9cbcb12add23930b87a8ed.exe windows:4 windows x86 arch:x86
2e1d891ca94bbe31dd73795d6e2fdf46
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcr80
fprintf
__iob_func
free
wcsncmp
wcsncpy_s
memset
memmove
_strdup
_getpid
_wcsicmp
_wcsdup
_strlwr
memcpy
_errno
strncpy
_strnicmp
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler3
isdigit
isalnum
tolower
mbtowc
_ecvt
_fcvt
localeconv
wctomb
abort
strncat
memchr
strchr
strncmp
realloc
malloc
sscanf
fputs
isspace
calloc
_stricmp
strtok
strrchr
getenv
sprintf
strcspn
_wfullpath
strstr
_wgetenv
strerror
user32
LoadStringW
MessageBoxW
mpr
WNetGetConnectionW
shell32
CommandLineToArgvW
advapi32
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImpersonateSelf
RevertToSelf
MapGenericMask
OpenThreadToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AccessCheck
GetUserNameW
GetFileSecurityW
ole32
CoTaskMemFree
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoQueryProxyBlanket
CoCreateInstance
ws2_32
htonl
kernel32
FormatMessageW
GetDateFormatW
GetTempPathW
IsBadReadPtr
VirtualQuery
GetCurrentThread
RaiseException
FindClose
FindNextFileW
MoveFileW
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
GetLocalTime
GetModuleHandleA
OpenProcess
GetTimeFormatW
CloseHandle
RemoveDirectoryW
CreateDirectoryW
GetModuleHandleW
DeleteFileW
LoadLibraryW
GetComputerNameExW
FindFirstFileW
LocalFree
GetCommandLineW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringA
GetModuleFileNameW
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetFileAttributesW
FreeLibrary
GetProcAddress
GetLastError
CreateFileW
SetLastError
SetFilePointer
WriteFile
ReadFile
WideCharToMultiByte
GetACP
GetVersionExA
MultiByteToWideChar
LoadLibraryA
Sections
.text Size: 172KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE