4a35fc0f986e22eb76784e264dae5727

Sharing

Copy URL Twitter E-mail

General

Target

4a35fc0f986e22eb76784e264dae5727
Size

58KB
MD5

4a35fc0f986e22eb76784e264dae5727
SHA1

3136cc8aa5f2a3e72894d15ef27214a07682a4fe
SHA256

5224b73c52dce94a164416273e85d61e38e166bac2e032c2611406d7765f625b
SHA512

ea27ed7ca1f89692945fa3fc8ba5eb702b7bc8fa908b1e9675cd6889b10dc8d487ce131a900ce69bdf4df5ec005d81defd744a2f384ec552f17dc222c537b65d
SSDEEP

1536:LhoUzIOIwBTR7RKL6FCkd+OjfjzutdLBQtz5:toDO/BTRHfHW9Qt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a35fc0f986e22eb76784e264dae5727

Files

4a35fc0f986e22eb76784e264dae5727
.exe windows:4 windows x86 arch:x86

721835f732bbc84770239244a44cecbd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
gethostbyname
WSAStartup
WSACleanup
inet_addr
shutdown
send
recv
inet_ntoa
socket
htons
ioctlsocket
connect
select
closesocket
ntohl
htonl

shell32

SHGetFolderPathA

advapi32

GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA

kernel32

SetStdHandle
MultiByteToWideChar
SetFilePointer
RtlUnwind
FlushFileBuffers
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringA
GetFileType
GetTickCount
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
CloseHandle
GetCurrentProcess
FindClose
FindFirstFileA
DeleteFileA
SetFileAttributesA
TerminateProcess
OpenProcess
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
LeaveCriticalSection
EnterCriticalSection
CreateThread
ExitThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LCMapStringW
ExitProcess
CreateProcessA
GetModuleFileNameA
WaitForSingleObject
CreateMutexA
SetErrorMode
GetTempPathA
GetLastError
CreateDirectoryA
GetVersionExA
TerminateThread
ExpandEnvironmentStringsA
GetFileAttributesA
GetModuleHandleA
WriteFile
CreateFileA
ReadFile
HeapReAlloc
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

CharLowerA

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

721835f732bbc84770239244a44cecbd

Headers

File Characteristics

Imports

ws2_32

shell32

advapi32

wininet

kernel32

user32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 928B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 928B