65b0f6a1849e3e1e4b8285b57130809c

Sharing

Copy URL Twitter E-mail

General

Target

65b0f6a1849e3e1e4b8285b57130809c
Size

419KB
MD5

65b0f6a1849e3e1e4b8285b57130809c
SHA1

ed4b8c6b54230b40c07ecb244c25f75ab7e2127e
SHA256

befe1ccda0465fd997df31a0552e3ed743ceeab58aaf03a28aca5723f9d1dd90
SHA512

d66518e9440f8291dd5e37257b9a5481e115f7c76a2fb393f8698d1352af15e56fd3607a502cd49af54f0409d9f33c5dabbd2fb62c29ebf1c9cc46e83d664631
SSDEEP

12288:KKVoVA1wt8aXjGNZKdrIhdqYRYVixEdzy:xoVA1/idrICY0d+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65b0f6a1849e3e1e4b8285b57130809c

Files

65b0f6a1849e3e1e4b8285b57130809c
.exe windows:6 windows x86 arch:x86

4394a6607ed27cca32acda85a0c5ad17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThread
GetThreadContext
GetCurrentProcess
LoadLibraryExA
GetProcAddress
GetCurrentDirectoryA
GetModuleHandleA
IsDebuggerPresent
ExitProcess
GetTickCount64
WinExec
GetModuleFileNameA
TerminateThread
CreateThread
SetConsoleTitleA
SetConsoleMode
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetTickCount
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
Sleep
GetStdHandle
FreeLibrary
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
FormatMessageA
CloseHandle
WaitForSingleObjectEx
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
DecodePointer
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetConsoleTextAttribute

user32

GetWindowThreadProcessId
FindWindowA

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
GetCurrentHwProfileA

shell32

ShellExecuteA

msvcp120

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_BADOFF@std@@3_JB
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sync@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Winerror_map@std@@YAPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

ws2_32

listen
accept
recvfrom
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
sendto
ioctlsocket
gethostname
htonl
ntohl
freeaddrinfo

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord46
ord143
ord35
ord211

normaliz

IdnToAscii

iphlpapi

GetAdaptersInfo

msvcr120

_strdup
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_except1
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
_read
_write
_close
_open
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
malloc
sprintf
free
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove
_purecall
exit
rand
srand
remove
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
fflush
fputc
fwrite
setvbuf
fgetpos
_fseeki64
fsetpos
memcpy_s
ungetc
fgetc
_unlock_file
_lock_file
fclose
memchr
_time64
atoi
rename
strstr
realloc
calloc
memset
isxdigit
strtoul
memcpy
strchr
strncmp
strrchr
__iob_func
fgets
fopen
fputs
sscanf
qsort
strtoll
strncpy
_errno
tolower
fread
fseek
isalpha
strpbrk
strtol
isdigit
isspace
isalnum
_gmtime64
strerror
__sys_nerr
_beginthreadex
_lseeki64
_fstat64
_getpid
getenv
_stat64
isupper
islower
isprint
isgraph
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4394a6607ed27cca32acda85a0c5ad17

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp120

ws2_32

crypt32

wldap32

normaliz

iphlpapi

msvcr120

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 17KB - Virtual size: 16KB