7a813a5587d407aa7decb4c2f76b0f86

Sharing

Copy URL Twitter E-mail

General

Target

7a813a5587d407aa7decb4c2f76b0f86
Size

188KB
MD5

7a813a5587d407aa7decb4c2f76b0f86
SHA1

f48d016bd228161988ec05539d94b2d7537f9f42
SHA256

e5be1e93d792e786bbae4ac41b08a06291e326495633b889e0b826a657ac56f6
SHA512

9bf96b16cbde0616e7ad41942cb4ff05a9559743684a122c6feb47e6993f0036196d2a3ac4423a668a8a95d87aa5b4d86da040a5ebf0453af75db265b53ca389
SSDEEP

3072:NdwcAYqv8v0H8T4GWhqzYSPL9rWxkij69TyQrdwVTInQm64j+oQ1YgO:Ndwt0vw8T4nhq/9Uj6hxVNjG1Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a813a5587d407aa7decb4c2f76b0f86

Files

7a813a5587d407aa7decb4c2f76b0f86
.exe windows:4 windows x86 arch:x86

2c9e42476401142e5c1bba9dedeff00c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
inet_ntoa
WSACreateEvent
WSACloseEvent
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSAGetLastError
WSARecv
WSAResetEvent
WSASetLastError
WSASend
getsockopt
setsockopt
WSAEnumNetworkEvents
connect
htons
WSAEventSelect
WSASocketA
WSADuplicateSocketW
WSADuplicateSocketA
recvfrom
sendto
WSACleanup
inet_addr
socket
htonl
bind
shutdown
closesocket

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA
GetStockObject
GetDeviceCaps
DeleteDC

kernel32

WritePrivateProfileStringA
InterlockedDecrement
GetCurrentThreadId
lstrcmpiA
GetCommandLineA
lstrlenA
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
GetShortPathNameA
GetModuleHandleA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
CloseHandle
GetCurrentProcess
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ReleaseMutex
Sleep
GetPrivateProfileStringA
CreateMutexA
CreateThread
TerminateThread
GetExitCodeProcess
SetEvent
SetThreadPriority
ResetEvent
IsBadWritePtr
OutputDebugStringA
OpenProcess
FlushInstructionCache
FreeResource
GlobalFree
GlobalHandle
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcmpA
GetStartupInfoA
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
InterlockedExchange
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetVersion
TerminateProcess
HeapSize
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadReadPtr
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetFilePointer
GetACP
GetOEMCP
ReadFile
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
CreateEventA

user32

InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateWindowExA
wsprintfA
DestroyWindow
CreateAcceleratorTableA
GetDesktopWindow
GetParent
GetClassNameA
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
SendMessageA
GetDC
ReleaseDC
GetFocus
IsChild
SetFocus
GetSysColor
CallWindowProcA
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindow
DefWindowProcA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DialogBoxIndirectParamA
SetWindowLongA
GetDlgItem
SetTimer
BringWindowToTop
SetDlgItemTextA
EndDialog
GetDlgItemTextA
KillTimer
ShowWindow
EndPaint
GetActiveWindow
MessageBoxA
LoadStringA
GetMessageA
DispatchMessageA
PostThreadMessageA
CharNextA
RegisterWindowMessageA

olepro32

ord253

advapi32

RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegSetValueExA
RegDeleteValueA
CreateServiceA
DeleteService
ControlService
StartServiceCtrlDispatcherA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegCloseKey

ole32

CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoDisconnectObject
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
OleLockRunning

oleaut32

VarUI4FromStr
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c9e42476401142e5c1bba9dedeff00c

Headers

File Characteristics

Imports

ws2_32

gdi32

kernel32

user32

olepro32

advapi32

ole32

oleaut32

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 12KB - Virtual size: 8KB