3c5b2f99b49bb53380e5115d69132ef8

General

Target

3c5b2f99b49bb53380e5115d69132ef8
Size

14KB
MD5

3c5b2f99b49bb53380e5115d69132ef8
SHA1

0a41dd5eda3a971ac2746790475f654aafb8236a
SHA256

77fe2b1dd107bdf351043f1e837f6218b9f252066987b7a646130a308cb45f91
SHA512

a562716c710a906e2271a6a62fcb4c683caad7d87300402968aeaf94eab1e5513d528471dd7b0cbfd19a789c5443bef520117d7d3f3408e8fc8903d8ab698aa1
SSDEEP

192:92ekF64YF5dyvZbRXqy/g6H9bwSGjql7r4eR+JsJHbhFRCZwS+PkkVPl:YekF64Y5mbRXq4jdUWr4eRtB06Hf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c5b2f99b49bb53380e5115d69132ef8

Files

3c5b2f99b49bb53380e5115d69132ef8
.exe windows:4 windows x86 arch:x86

a80de09a6c675b62e4f522584dff0e5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
CreateRemoteThread
WriteProcessMemory
GetModuleHandleA
GetCurrentProcess
GetVolumeInformationA
GetWindowsDirectoryA
IsBadReadPtr
GetVersionExA
OpenProcess
RtlUnwind
IsDebuggerPresent
GetProcAddress
GetSystemDirectoryA
CreateFileA
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
ReadFile
HeapFree
CloseHandle
lstrcatA
VirtualAllocEx
lstrlenA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

user32

MessageBoxA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
GetUserNameA
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA

ws2_32

socket
WSAStartup
htons
send
closesocket
WSACleanup
inet_addr
connect

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a80de09a6c675b62e4f522584dff0e5b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1004B

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1004B

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 176B