73ce2b74da0ec2b9b9f5bd1d80137b27

General

Target

73ce2b74da0ec2b9b9f5bd1d80137b27
Size

24KB
MD5

73ce2b74da0ec2b9b9f5bd1d80137b27
SHA1

0771c04facd2570dc4d9f32b2e6075886e10a452
SHA256

e6f6a0648fc11b921bf9c2d2fcaa2d8985c8533580387313a105a12e80b2214b
SHA512

e17b611d2b379a55d0a04ee3240a2fe4aa8975d9946e313e3f71da7a4b8546957875669d68e418783de1ff3f37069c59497225076392779e60b8ed995ed39a8c
SSDEEP

384:OjkPldGWZsc5VLw0Pdesk1sTpTsklynva8LrCZWFIJW:RZpNw0tPUa8LrU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73ce2b74da0ec2b9b9f5bd1d80137b27

Files

73ce2b74da0ec2b9b9f5bd1d80137b27
.exe windows:5 windows x86 arch:x86

d418b9debed075f60bc452506cb9ddbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ws2_32

WSASocketA
WSAGetLastError
WSAStartup
WSAEventSelect
htons
WSAGetOverlappedResult
ntohs
WSARecvFrom
ioctlsocket
WSACloseEvent
closesocket
inet_ntoa
bind
getservbyname
socket
sendto

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetLocalTime
DeleteCriticalSection
SetLastError
SetEvent
ResumeThread
GetLastError
WaitForSingleObject
CreateEventA
InitializeCriticalSection
HeapCreate
LeaveCriticalSection
HeapFree
CloseHandle
EnterCriticalSection
InterlockedIncrement
WaitForMultipleObjects
HeapAlloc
ResetEvent
Sleep
TryEnterCriticalSection
SuspendThread

advapi32

RegOpenKeyExA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus

ntdll

memmove
strncpy
isupper
tolower
RtlUpdateTimer
RtlDeleteTimer
_stricmp
atoi
_itoa
RtlDeregisterWaitEx
_chkstk
RtlCreateTimerQueue
RtlRegisterWait
RtlCreateTimer

iphlpapi

NotifyAddrChange
GetIpAddrTable

msvcrt

_initterm
__getmainargs
__setusermatherr
_lseek
_close
_read
malloc
realloc
fclose
free
time
_chdir
_errno
_mkdir
fopen
ctime
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
printf
__p___initenv
_XcptFilter
_exit
_open
_write
exit

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d418b9debed075f60bc452506cb9ddbf

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

ntdll

iphlpapi

msvcrt

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 5KB