1a6e8110425983a1b1017c8966be45a8

General

Target

1a6e8110425983a1b1017c8966be45a8
Size

20KB
MD5

1a6e8110425983a1b1017c8966be45a8
SHA1

d049f9356acec57dcfbb9e3944f44f7a8b9c95c3
SHA256

e70c0fa60f55d7881a5cd5ee7b2fe4402cf5b7bf2309a2e0f4881601c0bf61c7
SHA512

47e58ed15a7988015acb9016befdc51be6579722f15f14548b18524181d08a31f53e029175b3cb8cf5282dff7289f147b57f811313163d69510ce1c6e8ce765c
SSDEEP

384:ZwxfNy2V/tuc+Bmy2UWEeDypPzdPw0xWsn8x0J:CxfPBtu7gEqypLdxssnw0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a6e8110425983a1b1017c8966be45a8

Files

1a6e8110425983a1b1017c8966be45a8
.exe windows:4 windows x86 arch:x86

61d097af7d2161c11d54fa0ab9ecd513

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atol
strtok
strcmp
strcpy
memcpy
??2@YAPAXI@Z
srand
rand
strlen
_snprintf
strstr
free
memset
malloc
sprintf

shlwapi

AssocQueryStringA
StrCmpNIA

ws2_32

gethostbyname
connect
socket
htons
WSAStartup
WSACleanup
closesocket
recv
send
inet_addr

kernel32

ExitProcess
CopyFileA
CreateRemoteThread
CreateToolhelp32Snapshot
WaitForSingleObject
CreateThread
GetModuleFileNameA
SetErrorMode
CreateMutexA
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceA
OpenProcess
WriteFile
ReleaseMutex
GetComputerNameA
Sleep
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
ReadProcessMemory
GetThreadContext
VirtualAlloc
CreateProcessA
DeleteFileA
SetFileAttributesA
CloseHandle
Process32First
CreateFileA
GetTickCount
Process32Next
ExitThread

user32

MessageBoxA

advapi32

GetUserNameA
RegCloseKey
RegNotifyChangeKeyValue
RegSetValueExA
RegCreateKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueA
RegOpenKeyExA
GetCurrentHwProfileA

shell32

SHGetSpecialFolderPathA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
InternetOpenA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size:

Sharing

General

Malware Config

Signatures

Files

61d097af7d2161c11d54fa0ab9ecd513

Headers

File Characteristics

Imports

msvcrt

shlwapi

ws2_32

kernel32

user32

advapi32

shell32

wininet

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

Size: - Virtual size:

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB