022bff05026020e5f0396af1d747145c

Sharing

Copy URL

Twitter E-mail

General

Target

022bff05026020e5f0396af1d747145c
Size

124KB
MD5

022bff05026020e5f0396af1d747145c
SHA1

04982180173dca9a9ed2a1babd1c235bb9d97f43
SHA256

23db7191072db4e75ebe6a1a85283444e3ec62620480e7e3d167d4c178065558
SHA512

ec9549251eab85db6f482829fe0e655f5c0504a1db12d7d3ba508a2dab396087281984c3aa98ac89b5eecbaef964b3f6ec6c07e751579dc9053173dec8bd91fc
SSDEEP

1536:zIkriknNWvWv7LLrR5Ddh8M2u2Y6sUnBpuHHqZpMwF0lJ9xDNwNq/:t5N0Wv/LNVz66qzfulJ9xDK2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
022bff05026020e5f0396af1d747145c

Files

022bff05026020e5f0396af1d747145c
.exe windows:4 windows x86 arch:x86

b52c3e81c46fcee6ef534cbb249e35ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5194
ord533
ord6407
ord6877
ord2820
ord1997
ord798
ord5856
ord3178
ord3811
ord551
ord3185
ord539
ord2763
ord940
ord4202
ord939
ord922
ord4278
ord538
ord535
ord2614
ord823
ord860
ord6143
ord5861
ord6883
ord537
ord5710
ord941
ord356
ord2770
ord2781
ord4058
ord3181
ord1980
ord668
ord2915
ord5572
ord924
ord5683
ord4129
ord858
ord4204
ord4277
ord2764
ord2818
ord926
ord5608
ord825
ord540
ord541
ord800
ord1158
ord801

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
atol
_except_handler3
fputs
exit
atoi
time
srand
memmove
_errno
strerror
_mbsstr
mbtowc
strtol
wctomb
_mbsnbcmp
_mbschr
_mbclen
_mbsnbcpy
fwrite
fopen
fseek
ftell
fread
_mbsnbicmp
sprintf
fclose
_mbscmp
__CxxFrameHandler
rand

kernel32

CloseHandle
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
Sleep
GetVersionExA
GetPrivateProfileSectionA
GetModuleFileNameA
CreateDirectoryA
GetTempPathA
MoveFileA
CopyFileA
GetShortPathNameA
WaitForSingleObject
WinExec
GetFileAttributesA
DeleteFileA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
lstrlenA
GetSystemDirectoryA
GetPrivateProfileSectionNamesA

user32

SendMessageA
wsprintfA

advapi32

OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
AllocateAndInitializeSid
RegDeleteKeyA
RegCreateKeyExA
InitializeAcl
LookupAccountNameA
AddAccessAllowedAce
SetNamedSecurityInfoA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetUserNameA
RegDeleteValueA

shell32

ShellExecuteA
SHFileOperationA
ShellExecuteExA
SHChangeNotify

ole32

CoUninitialize
CoInitialize
CoCreateInstance

urlmon

URLDownloadToFileA

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

wininet

InternetGetConnectedState

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b52c3e81c46fcee6ef534cbb249e35ca

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

urlmon

msvcp60

wininet

version

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 14KB