698a4eb926b214d13c5ad36586685f70

Sharing

Copy URL Twitter E-mail

General

Target

698a4eb926b214d13c5ad36586685f70
Size

120KB
MD5

698a4eb926b214d13c5ad36586685f70
SHA1

0c30dd6019498222f302ce82cde0fc20ff051778
SHA256

4c749c56d94b1251a3717feb328fe5f88216d7faba329b068eb6422727a4c2fe
SHA512

28c3a28e0ac5909ed388b661cf338c738f0f90bc0a02b57c8af87e760339533f6cc53696632061aad6eda3363c1191a1c113dd52d3ff896fe9a2b24be68420df
SSDEEP

1536:9fL6cTypSdvmr147/uD7d/wDEgmVETTjFewB7dC:9TrddO7d/wtFewBBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
698a4eb926b214d13c5ad36586685f70

Files

698a4eb926b214d13c5ad36586685f70
.exe windows:5 windows x86 arch:x86

cada02b5dabc1149e93f6f2805edb0ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
CloseHandle
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileMappingW
CreateFileW
CreateMutexW
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
FindClose
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentVariableW
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileTime
GetTickCount
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetTempPathW
GetVersionExW
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
LocalFree
MapViewOfFile
MapViewOfFileEx
MoveFileExW
OpenFileMappingW
OpenProcess
OpenThread
ReadFile
ReleaseMutex
RemoveDirectoryW
ResetEvent
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WaitForMultipleObjects
WaitForSingleObject
WriteFile
WriteProcessMemory

shell32

ord739
SHGetSpecialFolderPathW

ws2_32

ord494
FreeAddrInfoW
FreeAddrInfoW
getaddrinfo
GetAddrInfoW
__WSAFDIsSet
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
ioctlsocket
listen
recv
select
send
shutdown
socket

ntdll

LdrLoadDll
NtResumeThread
CsrClientCallServer
LdrLoadDll
ZwAdjustPrivilegesToken
ZwOpenProcessToken
NtQueryInformationProcess
NtQueryInformationThread
ZwQuerySystemInformation
ZwQueueApcThread
NtResumeThread
ZwSuspendThread
ZwClose
RtlAnsiStringToUnicodeString
RtlCreateUserThread
RtlExitUserThread
RtlRandom
RtlTimeToSecondsSince1970
RtlUnicodeStringToAnsiString
_snprintf
RtlEnterCriticalSection
RtlGetLastWin32Error
RtlAllocateHeap
RtlFreeHeap
RtlReAllocateHeap
RtlLeaveCriticalSection
RtlTryEnterCriticalSection

user32

BeginPaint
CloseDesktop
CloseWindowStation
CreateDesktopW
CreateWindowExW
CreateWindowStationW
DefWindowProcA
DefWindowProcW
DestroyWindow
DispatchMessageW
EndPaint
FindWindowW
GetClassLongW
GetDC
GetForegroundWindow
GetMessageW
GetParent
GetProcessWindowStation
GetSystemMetrics
GetThreadDesktop
GetTopWindow
GetUserObjectInformationW
GetWindow
GetWindowInfo
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
IsWindowVisible
MapVirtualKeyW
OpenDesktopA
OpenDesktopW
OpenWindowStationA
OpenWindowStationW
PostMessageW
PostQuitMessage
RegisterClassW
RegisterClassExW
RegisterDeviceNotificationW
RegisterWindowMessageW
ReleaseDC
SendMessageTimeoutW
SendMessageW
SetProcessWindowStation
SetThreadDesktop
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WindowFromPoint

secur32

UnsealMessage
SealMessage
InitializeSecurityContextA
InitializeSecurityContextW

advapi32

ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
CreateServiceW
DeleteService
DuplicateTokenEx
GetSecurityDescriptorSacl
GetUserNameW
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
SetNamedSecurityInfoW
StartServiceW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
DeleteObject
GdiFlush
GetDeviceCaps
GetDIBits
SelectObject

Sections

sect_1
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cada02b5dabc1149e93f6f2805edb0ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

ntdll

user32

secur32

advapi32

gdi32

Sections

sect_1 Size: 108KB - Virtual size: 108KB

.idata Size: 8KB - Virtual size: 8KB

sect_1
Size: 108KB - Virtual size: 108KB

.idata
Size: 8KB - Virtual size: 8KB