39398049cbc1319a9474acd6266f98c0

Sharing

Copy URL

Twitter E-mail

General

Target

39398049cbc1319a9474acd6266f98c0
Size

464KB
MD5

39398049cbc1319a9474acd6266f98c0
SHA1

42df366dd76872bdf59e65ce71c9d29e3b985b0d
SHA256

e970ac3d6357717a65c200e092ad3c4749cc0ce5703d00f0b8d427da6b967506
SHA512

d542ba4c590a8db77a6b2853652a26df407e0d84bb26cea6f740750434129945c1bc6a61a0b57abf1271b94cd8dce165a8a9efb03a3e3db82112cb1990ffc9e8
SSDEEP

6144:REiaAPohiPJ4PMs6+wq8cYWNENqSpXNPA7Q42reFrEOpmmJg8+E1JP8TTPU:RvRowPbG18YENqSEQX6FhpFJg831sPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39398049cbc1319a9474acd6266f98c0

Files

39398049cbc1319a9474acd6266f98c0
.exe windows:4 windows x86 arch:x86

fe8537e8ef9767520a2167ff9f6affa4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
InterlockedIncrement
ReleaseMutex
LeaveCriticalSection
HeapDestroy
DeleteTimerQueueTimer
DeleteTimerQueue
InterlockedExchange
UnregisterWait
CreateMutexW
HeapCreate
WriteFile
CreateTimerQueueTimer
HeapReAlloc
UnregisterWaitEx
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
Sleep
GetLastError
VirtualAlloc
QueueUserWorkItem
DeviceIoControl
DisableThreadLibraryCalls
RegisterWaitForSingleObject
SetLastError
ReadFile
WaitForSingleObject
DeleteCriticalSection
HeapAlloc
GetCurrentThreadId
GetTickCount
GetComputerNameExW
GetProcAddress
ExpandEnvironmentStringsW
BindIoCompletionCallback
MultiByteToWideChar
CreateEventW
TerminateProcess
QueryPerformanceCounter
CloseHandle
LoadLibraryW
WideCharToMultiByte
FreeLibrary
GetCurrentProcess
InitializeCriticalSection
InterlockedDecrement
EnterCriticalSection
CreateTimerQueue
SetEvent
UnhandledExceptionFilter
ChangeTimerQueueTimer

iphlpapi

NotifyAddrChange
GetAdaptersAddresses
NotifyRouteChange
GetAdaptersInfo

msvcrt

wcscat
memcmp
memset
wcsncpy
memcpy
swprintf
wcscpy
_adjust_fdiv
memmove
_initterm
wcslen
malloc
wcschr
_wcsicmp
_except_handler3
wcscmp
free
strlen

dnsapi

DnsReplaceRecordSetW

ddraw

DirectDrawCreate

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

ws2_32

WSALookupServiceEnd
WSAAddressToStringW
WSALookupServiceBeginW
WSAAddressToStringA
WSASendTo
getnameinfo
getaddrinfo
WSAEventSelect
WSASocketW
freeaddrinfo
WSAStringToAddressA
WSAIoctl
WSARecvFrom
WSALookupServiceNextW

ntdll

NtQuerySemaphore
NtTerminateThread
RtlAddAccessAllowedObjectAce
RtlAdjustPrivilege

mswsock

AcceptEx
GetAcceptExSockaddrs

advapi32

CryptReleaseContext
RegEnumKeyExW
RegQueryValueExW
SetServiceStatus
CryptAcquireContextW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
CryptGenRandom

rtutils

RouterLogEventExA
RouterGetErrorStringW
RouterLogEventStringA
LogErrorW
RouterLogRegisterA
TraceDumpExA

wmi

WmiNotificationRegistrationW

Sections

.text
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe8537e8ef9767520a2167ff9f6affa4

Headers

File Characteristics

Imports

kernel32

iphlpapi

msvcrt

dnsapi

ddraw

ole32

ws2_32

ntdll

mswsock

advapi32

rtutils

wmi

Sections

.text Size: 4KB - Virtual size: 1012B

.rsrc Size: 408KB - Virtual size: 407KB

.data Size: 8KB - Virtual size: 2.4MB

.idata Size: 4KB - Virtual size: 3KB

.rdata Size: 32KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 96B

.text
Size: 4KB - Virtual size: 1012B

.rsrc
Size: 408KB - Virtual size: 407KB

.data
Size: 8KB - Virtual size: 2.4MB

.idata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 32KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 96B