2150003d210cc94927964d8885d3df34 | Triage

Sharing

General

Target

2150003d210cc94927964d8885d3df34
Size

16KB
MD5

2150003d210cc94927964d8885d3df34
SHA1

c8c567fabf3f1ed042be16b3b5dcd257dade30b4
SHA256

c25795bd7bfca9a2b532db1d9ad339cf67186f22d8f49e60e41c9e64907b4dc9
SHA512

aec8a5d253c37a15b0590a05e2c096412bbf68586d35677bf16718067bc79a87e282c6885556fb8fdc1a7cfacaae078e1c5c35e063e2d2877401dce087d4aad6
SSDEEP

384:cTHOZb6s3Bpi+CTw2DVdKhYAspP/dkMwDumHSBIw:cTHuBBpi+IKYxpXqMwDrHSBIw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2150003d210cc94927964d8885d3df34

Files

2150003d210cc94927964d8885d3df34
.exe windows:4 windows x86 arch:x86

1ad93685c661671f50c6b565a508a1c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
WSAStartup
connect
inet_ntoa
inet_addr
WSAGetLastError
htons
ntohs
shutdown
recv
bind
socket
__WSAFDIsSet
closesocket
select
WSAIoctl
gethostbyname
send
getsockopt
listen
accept

shlwapi

PathRemoveExtensionA
StrStrIA
StrChrIA
StrToIntA

wininet

InternetOpenUrlA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle

kernel32

CreateThread
DeleteFileA
ResumeThread
WriteProcessMemory
GetCurrentProcessId
CloseHandle
CreateMutexA
GetModuleHandleA
FindNextFileA
GetModuleFileNameA
LoadLibraryA
FindClose
VirtualAllocEx
SetFileAttributesA
CopyFileA
GetProcAddress
FindFirstFileA
lstrcatA
GetSystemDirectoryA
CreateProcessA
Sleep
OpenProcess
GetCommandLineA
WriteFile
SetFileTime
GetTickCount
GetFileAttributesExA
WaitForSingleObject
SetErrorMode
HeapReAlloc
lstrlenA
lstrcpynA
HeapAlloc
GetProcessHeap
GlobalAlloc
HeapSize
GlobalFree
lstrcpyA
GetThreadContext
CreateFileA
SetThreadContext

user32

wsprintfA

advapi32

RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE