166774a87cd01ece1862762aaf7ddb70

Sharing

Copy URL Twitter E-mail

General

Target

166774a87cd01ece1862762aaf7ddb70
Size

244KB
MD5

166774a87cd01ece1862762aaf7ddb70
SHA1

1b6234decfc824bccde71fdb2200382dbcb376cc
SHA256

c6e604be75150bb58c2c5c0d882c475264c237c9df55715449eb4c06bf9d5180
SHA512

f9d651b041e44eb28ab97be831831a90d2f70cb0be4f8f2bde05adec881a824916092e4c320bbc3a24eda90e73fcc2afaa3bbf0d61918f012178e81cfe896b56
SSDEEP

3072:+iU8fepuOyFAcMBs9uD72DY6AMwVHOAoS1of6bftMZdrqTL6UTZi++n9:+r3MAcMe9uTMwnoSqSbSHuTL6UE9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
166774a87cd01ece1862762aaf7ddb70

Files

166774a87cd01ece1862762aaf7ddb70
.exe windows:4 windows x86 arch:x86

179626b7f0ffacef56f4742d9b1df3d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A

ws2_32

getsockopt
ntohs
inet_ntoa
WSACleanup
WSAStartup
setsockopt
ioctlsocket
bind
WSASocketA
accept
inet_addr
htons
connect
recv
closesocket
socket
send
select
__WSAFDIsSet
getsockname
listen

kernel32

FileTimeToLocalFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
RaiseException
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
ExitProcess
CloseHandle
CreateProcessA
GetModuleFileNameA
GetSystemDirectoryA
Sleep
CreateThread
DeleteFileA
OpenProcess
GetCurrentProcessId
GetLastError
CopyFileA
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
WaitForSingleObject
CreateMutexA
GetTickCount
TerminateThread
GetTempPathA
MoveFileA
LoadLibraryA
GetProcAddress
GetComputerNameA
GetLocaleInfoA
GetVersionExA
ExitThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WriteFile
CreateEventA
ReadFile
CreateFileA
TerminateProcess
DuplicateHandle
GetCurrentProcess
CreatePipe
GetTimeFormatA
GetDateFormatA
GetFileSize
FindClose
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
SetFilePointer
SetConsoleCtrlHandler
WaitForMultipleObjects
GenerateConsoleCtrlEvent
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
GetExitCodeProcess
PeekNamedPipe
GetLogicalDrives
GlobalMemoryStatus
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

179626b7f0ffacef56f4742d9b1df3d4

Headers

File Characteristics

Imports

mpr

ws2_32

kernel32

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 82KB - Virtual size: 720KB

.sxdata Size: 512B - Virtual size: 24B

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 82KB - Virtual size: 720KB

.sxdata
Size: 512B - Virtual size: 24B