497eabfe80ac404cbebdbbfc00708ca6

Sharing

Copy URL Twitter E-mail

General

Target

497eabfe80ac404cbebdbbfc00708ca6
Size

323KB
MD5

497eabfe80ac404cbebdbbfc00708ca6
SHA1

496faa27c9e13556394adbe032e6220ccb5ed56e
SHA256

73eff56d910c7f9fade18f52017843cf3fa51355e6f02d0db683314ca41438fe
SHA512

027ca3a5cbb19749074fce42cbe90e15230147320c6b70af01290849736a307f886d16656cd740c6562b8a95d44de2203badc631f7670b9a4cc9a141f16613eb
SSDEEP

6144:egcr6nX/HUQGSgkzsBb806WK1l4/t6w6PDY:tc68FOhWelot6w6M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
497eabfe80ac404cbebdbbfc00708ca6

Files

497eabfe80ac404cbebdbbfc00708ca6
.exe windows:4 windows x86 arch:x86

6eef5de2a8be65efacc4d4a279c134ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
fflush
sprintf
strchr
isdigit
calloc
printf
perror
_errno
strerror
tolower
fgets
fprintf
_ftol
strcat
feof
ferror
sscanf
fputc
wcscat
__set_app_type
_EH_prolog
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
strtok
rand
srand
fwrite
fopen
fseek
ftell
fread
fclose
malloc
free
exit
strncat
strncmp
atof
memcmp
strcmp
strcpy
system
atoi
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_vsnprintf
strlen
strncpy
strstr
memset
memcpy
_snprintf
_controlfp
__CxxFrameHandler

gdi32

CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
CreateCompatibleDC
SelectObject
BitBlt
GetDIBits

kernel32

CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStartupInfoA
GetLogicalDrives
GetDriveTypeA
TransactNamedPipe
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThread
GetCurrentProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateEventA
GetTempPathA
MultiByteToWideChar
MoveFileA
CreateDirectoryA
RemoveDirectoryA
CreateMutexA
WaitForSingleObject
GetLastError
CopyFileA
GetModuleFileNameA
CreateNamedPipeA
WaitNamedPipeA
TerminateProcess
GlobalMemoryStatus
TerminateThread
CreateThread
GetStdHandle
AllocConsole
FreeConsole
GetDiskFreeSpaceExA
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
ReadFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
FreeLibrary
GlobalFree
WriteFile
GlobalAlloc
InterlockedExchange
ExitProcess
GetWindowsDirectoryA
DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
GetComputerNameA
GetVersionExA

user32

ReleaseDC
ExitWindowsEx
wsprintfA

advapi32

LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
DeleteService
ControlService
EnumServicesStatusA
RegQueryValueExA
OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges
RegDeleteValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A

shell32

SHGetDiskFreeSpaceExA
ShellExecuteA

ws2_32

gethostbyaddr
connect
__WSAFDIsSet
WSAGetLastError
ioctlsocket
recvfrom
sendto
inet_ntoa
setsockopt
shutdown
send
recv
inet_addr
socket
htons
bind
getsockname
listen
gethostbyname
ntohs
ntohl
select
closesocket
WSACleanup
getpeername
WSAStartup
accept

mpr

WNetAddConnection2W
WNetCancelConnection2W

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

dnsapi

DnsQuery_A

Sections

.data
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tfkwwad
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6eef5de2a8be65efacc4d4a279c134ca

Headers

File Characteristics

Imports

msvcrt

gdi32

kernel32

user32

advapi32

shell32

ws2_32

mpr

psapi

dnsapi

Sections

.data Size: 296KB - Virtual size: 296KB

.tfkwwad Size: 16KB - Virtual size: 16KB

Size: 9KB - Virtual size: 9KB

.data
Size: 296KB - Virtual size: 296KB

.tfkwwad
Size: 16KB - Virtual size: 16KB