32806f2801aef45d86fa513a07dc7403

Sharing

Copy URL Twitter E-mail

General

Target

32806f2801aef45d86fa513a07dc7403
Size

244KB
MD5

32806f2801aef45d86fa513a07dc7403
SHA1

1dc1fa9d1a8052d0253033dbe978b116c7848eb8
SHA256

73e2e5aeb72e218de33abcda8d24a9e9111ec5157836ec8657c8ae1e09914d78
SHA512

f21398bea816968db49b0b95a3a2709cf4516b6360339702b05bb460208e5a7b3d65f42ca5df963ea50b79fe5345653b4bb232050e1b72ea1661c5b4111a1c30
SSDEEP

6144:/iR/pBD/GU7pkDISqPhZPHUU8Mz/MnAyyFj70V9bHwni0uyUrj:/iR/pZXYISqPhZPHUU8bAyxzZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32806f2801aef45d86fa513a07dc7403

Files

32806f2801aef45d86fa513a07dc7403
.exe windows:4 windows x86 arch:x86

c422d355d16b4ec2dc63f582f24c70b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
OpenProcess
MulDiv
TerminateThread
TerminateProcess
Sleep
GetWindowsDirectoryA
ExitProcess
LoadLibraryA
CreateThread
GetCommandLineA
GetCurrentThreadId
CloseHandle
FreeResource
GetProcAddress
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
CreateFileA
WriteFile
GetLastError
CopyFileA
GetExitCodeThread
ExitThread
SizeofResource
HeapFree
GetCurrentProcess
GetCPInfo
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
VirtualAlloc
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
ReadFile
GetVersion
GetStartupInfoA
GetModuleHandleA
HeapSize
HeapReAlloc
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
EnterCriticalSection
GetEnvironmentStrings
GetStringTypeW
GetStringTypeA
FlushFileBuffers
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetTimeZoneInformation
LeaveCriticalSection
HeapAlloc

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

gdi32

SelectObject
GetDeviceCaps
CreateSolidBrush
GetStockObject
CreateFontA
SetBkMode

shell32

ShellExecuteA

user32

FillRect
BeginPaint
MessageBoxA
SetDlgItemTextA
EndDialog
SendDlgItemMessageA
FindWindowA
DialogBoxParamA
InvalidateRect
PostMessageA
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
GetClassNameA
EndPaint
DrawTextA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassA
wsprintfA
SystemParametersInfoA
CreateWindowExA
DestroyWindow
PostThreadMessageA
GetDC
ReleaseDC
GetDlgItem
SendMessageA
GetDlgItemTextA
SetTimer
SetWindowTextA
ShowWindow
DefWindowProcA
GetClientRect

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

gethostname
bind
listen
accept
WSACleanup
send
gethostbyname
WSAStartup
setsockopt
connect
recv
shutdown
socket
htons
sendto
closesocket
ioctlsocket

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c422d355d16b4ec2dc63f582f24c70b6

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

shell32

user32

version

wsock32

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 28KB - Virtual size: 221KB

.rsrc Size: 116KB - Virtual size: 114KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 28KB - Virtual size: 221KB

.rsrc
Size: 116KB - Virtual size: 114KB