51f9631be28ce69eb2e4f0e3090d1b51

Sharing

Copy URL Twitter E-mail

General

Target

51f9631be28ce69eb2e4f0e3090d1b51
Size

101KB
MD5

51f9631be28ce69eb2e4f0e3090d1b51
SHA1

bfcb3c832ee7f4834aa9d2cc13d390df04a8e1a2
SHA256

c1bb0ad14acbcd138038fa3d290e2cdd5371f6a5d59cb297ae85e241a47336e1
SHA512

0496e9ccf41387eff335387f40b41ad315c65f6db669f3a8b0d0f00754cad9c9b71c89db8dd2d4a1f382d5974fd49556956de94b814585338ca3ac60f4de5fc0
SSDEEP

3072:/hBRkAbjTKVIt5khzAM3/QWw0IAVjRG6NeJk:/hBR5bjTKzhz+n0IijRG6Neq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51f9631be28ce69eb2e4f0e3090d1b51

Files

51f9631be28ce69eb2e4f0e3090d1b51
.exe windows:4 windows x86 arch:x86

a92f4aa5f9c5e8de373da5fb7235acd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
GetVersion
OutputDebugStringA
GetTickCount
SetFileTime
GetFileTime
SearchPathA
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
TerminateThread
TerminateProcess
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
PeekNamedPipe
FileTimeToSystemTime
GetSystemDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
MoveFileA
RemoveDirectoryA
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
OpenProcess
GlobalFree
GlobalUnlock
GlobalLock
Beep
AllocConsole
GetWindowsDirectoryA
GetCommandLineA
GetCurrentProcessId
WaitForSingleObject
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CreateProcessA
GetDateFormatA
GetTimeFormatA
WinExec
CopyFileA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
Sleep
WriteFile
FindFirstFileA
FindNextFileA
FindClose
GetCurrentDirectoryA
GetComputerNameA
ExitProcess
ExitThread
GetLastError
CreateThread
FileTimeToLocalFileTime

user32

MessageBoxA
GetKeyboardLayout
OemToCharA
CharToOemA
SendMessageA
FindWindowA
ExitWindowsEx
EnumWindows
GetWindowTextA
GetForegroundWindow
GetClipboardData
OpenClipboard
GetDesktopWindow
CloseClipboard

advapi32

CloseServiceHandle
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
ChangeServiceConfig2A
StartServiceA
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
SetServiceStatus
RegisterServiceCtrlHandlerA
EnumServicesStatusA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
StartServiceCtrlDispatcherA
ClearEventLogA

shell32

ShellExecuteA

ws2_32

inet_addr
inet_ntoa
accept
WSAIoctl
getprotobynumber
ntohs
gethostbyaddr
getsockname
gethostbyname
socket
listen
setsockopt
WSAStartup
connect
send
select
__WSAFDIsSet
recv
WSACleanup
closesocket
htons
bind

shlwapi

StrStrIA

iphlpapi

GetIfEntry
GetAdaptersInfo
GetIfTable

winmm

mciSendStringA
mciSendCommandA

msvcrt

_stricmp
strrchr
fgets
system
rename
free
fread
_ftol
fwrite
_vsnprintf
sprintf
fopen
fprintf
fflush
fclose
gets
malloc
strncpy
strchr
strtok
strstr
atoi
_snprintf
printf
fseek
sscanf
??2@YAPAXI@Z
_strupr
_kbhit
_strcmpi
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
__p___argc
__p___argv
isxdigit
strncmp
srand
toupper

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a92f4aa5f9c5e8de373da5fb7235acd8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

iphlpapi

winmm

msvcrt

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 27KB - Virtual size: 863KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 27KB - Virtual size: 863KB