01ae3274db2b2aed7719e3d0c05fd844

Sharing

Copy URL

Twitter E-mail

General

Target

01ae3274db2b2aed7719e3d0c05fd844
Size

176KB
MD5

01ae3274db2b2aed7719e3d0c05fd844
SHA1

228aa0f82886ef0078ef5c32877727d3f5ee540a
SHA256

dbc13d8307b705f909f671673d7cd16dd738723f25ae0e579bc38b77e6ffbe05
SHA512

367ebd41c6f5f92cc67c165c58dd8e7da206287ee6e6d78bf45200cc95b3f8e063edfeae5bad93cc41a956a367170c0a156ee2071e5cef26823c9153e55af5a7
SSDEEP

3072:FKNar2D7dGI2MYJU1JUq9fh92+Y0ZWO027+riEkJwDM+gMqqDL2/NljYXNq:FK0wRJJUq4+9j5JwAcqqDL6bYX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01ae3274db2b2aed7719e3d0c05fd844

Files

01ae3274db2b2aed7719e3d0c05fd844
.dll windows:4 windows x86 arch:x86

fa73fa67737152d79c5968f1b51e84f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

getpeername
getsockname
recvfrom
send
recv
setsockopt
ioctlsocket
sendto
accept
connect
inet_ntoa
htons
WSAAsyncSelect
bind
htonl
socket
WSACleanup
closesocket
WSAGetLastError
WSAStartup
shutdown
gethostbyname
inet_addr

kernel32

FlushFileBuffers
SetEnvironmentVariableA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetTickCount
Sleep
GetLastError
GetSystemTimeAsFileTime
GetLocaleInfoA
InitializeCriticalSection
WideCharToMultiByte
CompareStringW
GetACP
MultiByteToWideChar
RaiseException
InterlockedExchange
CompareStringA
DeleteCriticalSection
GetVersionExA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetCurrentThreadId
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
GetTimeZoneInformation
HeapSize
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetCommandLineA
RtlUnwind
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
GetFileType

user32

DispatchMessageA
TranslateMessage
PeekMessageA
DefWindowProcA
GetWindowLongA
SetTimer
SetWindowLongA
CreateWindowExA
DestroyWindow
KillTimer

Exports

Exports

CreateBuddy2

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa73fa67737152d79c5968f1b51e84f3

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB