0397edc5d61a4339b624873c8b001b58

Sharing

Copy URL

Twitter E-mail

General

Target

0397edc5d61a4339b624873c8b001b58
Size

14KB
MD5

0397edc5d61a4339b624873c8b001b58
SHA1

2f5bd10a53b5172159f6018382f8d48c748e3f58
SHA256

c26dbfd2da52cc6daf72513710e02a03ffdfc7daa2cdaeb8963b56fb208970d9
SHA512

16816c51bf9b5dca100a932c818845b789a7d98330e167a7a2a1bd9f8335d0702b54ff33af7afd9283e3a4d795f9d3347dfe5a298f0194978cd8879bef0ddefa
SSDEEP

192:M6n9t86hTr+fyzf6SZIfwVNMtiBMmxRd4qsKAW0PyVi4LfPn53rajwAYeHeUFVV2:N71rdp2WMmxm4D1rash+e4+SX+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0397edc5d61a4339b624873c8b001b58

Files

0397edc5d61a4339b624873c8b001b58
.exe windows:4 windows x86 arch:x86

a414dffdd3329e14c660f2dfc440aac2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeResource
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
LoadResource
LockResource
CreateProcessA
ReadFile
ReadProcessMemory
RtlMoveMemory
RtlZeroMemory
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SizeofResource
Sleep
VirtualAlloc
VirtualFree
VirtualQueryEx
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
OpenProcess
CloseHandle

user32

GetAsyncKeyState
wsprintfA
MessageBoxA

shell32

ShellExecuteA

shlwapi

PathMatchSpecA
PathFindFileNameA

wininet

FtpSetCurrentDirectoryA
InternetOpenA
FtpPutFileA
FtpOpenFileA
InternetConnectA
InternetCloseHandle
FtpCreateDirectoryA

wsock32

WSAStartup
socket
send
closesocket
inet_addr
htons
gethostname
gethostbyname
connect
inet_ntoa

advapi32

GetUserNameA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ntdll

RtlDecompressBuffer

netapi32

NetApiBufferFree
NetUserEnum

psapi

EnumProcesses
GetModuleFileNameExA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a414dffdd3329e14c660f2dfc440aac2

Headers

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

wininet

wsock32

advapi32

ntdll

netapi32

psapi

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 147KB

.rsrc Size: 1024B - Virtual size: 676B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 147KB

.rsrc
Size: 1024B - Virtual size: 676B