09378d814fb6a908b2cdd22643a0657e

Sharing

Copy URL Twitter E-mail

General

Target

09378d814fb6a908b2cdd22643a0657e
Size

1.2MB
MD5

09378d814fb6a908b2cdd22643a0657e
SHA1

79ee0debbbae9a797677109829413be8f3312b9d
SHA256

c13c75812ecab356f15c5bd9e3440fe1a7e40d430c9002ca61560574e62627bd
SHA512

1bedd0942a561480b6466f1325244c6fa659631128d66331f7238c849a3ef884ab20157dd4374702086d30b9afb28d47c929c67b8834a969407704872014affe
SSDEEP

24576:EMSUi6HMGETgEPP5KWI19yonzatKi3us4IBnes9fPguCWkWqDzPLr3wx:dw6kPIXyo2t+s4YnesRRCKqPPLM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09378d814fb6a908b2cdd22643a0657e

Files

09378d814fb6a908b2cdd22643a0657e
.exe windows:4 windows x86 arch:x86

cfeef48d86b2bc12270179e05fc282e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsstr
_wcsnicmp
wcsncmp
wcsncpy
_wcsdup
free
memmove
malloc
memcpy
strncmp
isdigit
wcslen
wcscpy
_wcsicmp
wcscmp
tolower
strncpy
strlen
strcpy
toupper
strstr
wcscat
realloc
calloc
__p__iob
fwrite
fread
strchr
strtol
strtoul
_errno
strerror
sscanf
strrchr
qsort
fclose
fopen
fputs
fseek
ftell
strpbrk
_access
_read
_write
atoi
memchr
fflush
fputc
sprintf
getenv
fgets
strspn
strcspn
gmtime
isupper
_msize
localtime
_beginthreadex
_endthreadex
_stati64
time
_ftime

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
HeapFree
HeapAlloc
GetTickCount
CreateThread
CloseHandle
CreateFileW
DeleteFileW
WriteFile
LoadLibraryW
GetProcAddress
SetFilePointer
ReadFile
HeapReAlloc
WideCharToMultiByte
GetTempPathW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
SetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
QueryPerformanceFrequency
SleepEx
QueryPerformanceCounter
ExpandEnvironmentStringsA
GetLastError
FormatMessageA
SetLastError
CreateFileA
GetFileSizeEx
AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
FlushFileBuffers
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetVersionExA
GetVersionExW
HeapSize
HeapValidate
HeapCompact
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
TryEnterCriticalSection

user32

CharLowerW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongW
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
GetDC
ReleaseDC

gdi32

GetDeviceCaps

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

comctl32

InitCommonControlsEx

ole32

CoInitialize

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

crypt32

CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertGetNameStringA

wsock32

closesocket
WSACleanup
WSAStartup
socket
recv
WSAGetLastError
send
ntohs
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
htons
bind
connect
select
__WSAFDIsSet
htonl
listen
accept
ioctlsocket
gethostname
ntohl

Sections

.code
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1018KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfeef48d86b2bc12270179e05fc282e5

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

ole32

ws2_32

crypt32

wsock32

Sections

.code Size: 3KB - Virtual size: 3KB

.text Size: 1018KB - Virtual size: 1018KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 17KB - Virtual size: 21KB

.code
Size: 3KB - Virtual size: 3KB

.text
Size: 1018KB - Virtual size: 1018KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 17KB - Virtual size: 21KB