5796d21d07ddfea69e36914064923213

Sharing

Copy URL Twitter E-mail

General

Target

5796d21d07ddfea69e36914064923213
Size

968KB
MD5

5796d21d07ddfea69e36914064923213
SHA1

defdf5a35ffeab0bb2295478ad80e5020acc3213
SHA256

e680e06e996730886aa77ea2229c83a4f2e6bfab15162bdcddfb328acc4d144c
SHA512

c260602c231b5674fe467f16a96bdd48c3a092bbe50e4c1dae17297d5807f88650f56760eb0d118db0d310fedaee11a77ba1a847d78fa3d54bb1c7f93fbe9f3f
SSDEEP

12288:es5RtdqbB2edS62ULsdVkjApg42v2skTID7qyjwN:xRtwBzcULsdSjjjoID7qIm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5796d21d07ddfea69e36914064923213

Files

5796d21d07ddfea69e36914064923213
.exe windows:4 windows x86 arch:x86

60a232c3affdb7b6d7c0c78939b6412b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetConsoleCtrlHandler
GetEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
WideCharToMultiByte
SetEndOfFile
SetStdHandle
SetHandleCount
HeapCreate
RaiseException
CompareStringA
CompareStringW
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
SetCurrentDirectoryA
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapFree
HeapReAlloc
HeapAlloc
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
GetStdHandle
DebugBreak
GetVersion
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetLastError
ReadFile
CloseHandle
WriteFile
GetFileType
CreateFileA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
SetEnvironmentVariableA

user32

MessageBoxA
CharNextA
ReleaseDC
GetDC
SetTimer
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
CreateMenu
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
EndPaint
BeginPaint
PostQuitMessage
SetWindowTextA

gdi32

GetStockObject
GetObjectA
CreateFontA
SelectObject
SetTextColor
TextOutA
DeleteObject

wsock32

WSAAsyncSelect
listen
bind
htons
gethostname
socket
send
connect
WSAStartup
recv
WSAGetLastError
inet_addr
accept
htonl
WSACleanup
ntohl
ioctlsocket
closesocket

winmm

timeGetTime

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 161.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60a232c3affdb7b6d7c0c78939b6412b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wsock32

winmm

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 36KB - Virtual size: 161.1MB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 132KB - Virtual size: 128KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 36KB - Virtual size: 161.1MB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 132KB - Virtual size: 128KB