626c2fa05cac67fbf7c63a421de88139

Sharing

Copy URL Twitter E-mail

General

Target

626c2fa05cac67fbf7c63a421de88139
Size

21KB
MD5

626c2fa05cac67fbf7c63a421de88139
SHA1

732c89bb93a75bc5400b514c4ba37a68f62542a3
SHA256

cb822c23b6f66eeadeac51283e203aa593d9d1e2e69c5f60fa9578d9481bb3d8
SHA512

b5b03b9eeb9881c6cb1d62f255f365108402f64d54416460f77b75caf73719754783721a2a0ee30911dfbe130b3fed49ab1c89cd301ead6371e6f3fe2ea967de
SSDEEP

384:/oSKCW28jKQwaq/MvYThgZmZFZjg2RR6DAjxv68x2dof3rjtQqCqI:/6CAqUZAjjX76DAMefFaz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
626c2fa05cac67fbf7c63a421de88139

Files

626c2fa05cac67fbf7c63a421de88139
.exe windows:4 windows x86 arch:x86

e3c15e3de6f0621814e587ababab975c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatus
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
OpenProcess
Process32First
Process32Next
ReadProcessMemory
ResumeThread
RtlMoveMemory
RtlZeroMemory
SetErrorMode
SetFilePointer
GlobalFree
Sleep
TerminateProcess
UnmapViewOfFile
VirtualAllocEx
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
GlobalAlloc
GetVersionExA
GetThreadContext
GetSystemDirectoryA
CloseHandle
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
GetComputerNameA
FreeLibrary
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
SetThreadContext

user32

wsprintfA
CloseDesktop
GetDC
GetDesktopWindow
GetThreadDesktop
GetUserObjectInformationA
MessageBoxA
OpenDesktopA
OpenInputDesktop
OpenWindowStationA
ReleaseDC
SetProcessWindowStation
SetThreadDesktop
GetSystemMetrics

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
SelectObject

ws2_32

socket
send
select
recv
listen
inet_ntoa
inet_addr
htons
getpeername
gethostbyname
connect
closesocket
bind
accept
WSAStartup
WSASocketA
WSACleanup

advapi32

GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupAccountSidA

psapi

GetModuleFileNameExA
EnumProcessModules

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3c15e3de6f0621814e587ababab975c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

advapi32

psapi

imagehlp

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 16B