Static task
static1
Behavioral task
behavioral1
Sample
0d40f7bbe4245781e2afca36c71f42c2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0d40f7bbe4245781e2afca36c71f42c2.exe
Resource
win10v2004-20231215-en
General
-
Target
0d40f7bbe4245781e2afca36c71f42c2
-
Size
76KB
-
MD5
0d40f7bbe4245781e2afca36c71f42c2
-
SHA1
0a49322910a976452fcc26acfe87cece4e37a6c2
-
SHA256
e51b1a392ba4c2eb562b52d6b966e18d5d4da7ed22409901474092d6821ef9f4
-
SHA512
80db0f3fbeb95ef70668d34c595e29991e1e6a643deb5be7f5638093e1a2da13f554871ff99ce2c08cb6eec06dd486e2b0fc7360ec216c516b7f11efae6aa852
-
SSDEEP
1536:m8Mo1x21kuGUx6+VkPHoLPyNrFYe6N5mgAcM:m89E1PGU7aILPy9FYe6u9
Malware Config
Signatures
-
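Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the PE file listed below carries none. On its own this is a weak indicator, since many legitimate binaries are also unsigned, so weigh it together with the import and section data that follow.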
resource 0d40f7bbe4245781e2afca36c71f42c2
Files
-
0d40f7bbe4245781e2afca36c71f42c2.exe windows:4 windows x86 arch:x86
a14a4d4bb1dd3f8686de742ac4b07b6c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcr80
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_CRT_RTC_INITW
strstr
srand
rand
__CxxFrameHandler3
memset
memcpy
memcmp
kernel32
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
lstrcmpA
TerminateThread
WaitForSingleObject
CreateThread
ExitThread
GetFullPathNameA
WriteFile
SetFilePointer
GlobalAlloc
CloseHandle
Sleep
ReadFile
GetFileSize
CreateFileA
DeleteFileA
lstrcatA
GetTempPathA
GetModuleFileNameA
lstrlenA
lstrcpyA
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetTickCount
CreateMutexA
OpenMutexA
ExitProcess
FreeLibrary
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileAttributesA
GetWindowsDirectoryA
FindClose
GlobalFree
SetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
GetLocalTime
FindNextFileA
user32
MessageBoxA
GetMessageA
DispatchMessageA
CharLowerA
wsprintfA
advapi32
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ws2_32
recv
accept
listen
send
htons
socket
WSAStartup
connect
gethostbyname
htonl
inet_addr
getsockname
closesocket
bind
wininet
InternetCheckConnectionA
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ