7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5

Resubmissions

26/12/2023, 16:14

231226-tp24dshehn 5

30/01/2022, 01:25

220130-btbg5adbg7 5

Sharing

Copy URL Twitter E-mail

General

Target

7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5
Size

783KB
MD5

b8ac16701c3c15b103e61b5a317692bc
SHA1

a4226714f346c7844a9183e01961e7609d6fa241
SHA256

7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5
SHA512

5be181e127b96ae8f95e5f761e7d782a1c0385a6ae3c33955f5e90b02219f770dda5fe6866bfce019a4e2e1bef31f562d96f03c53f39570a92f57b99164b01e9
SSDEEP

12288:yTy4OwZ54eKaLr6lMeD4woR8ss+/183KiIv2U6IrD4+ytdhC:l1aP6lR4H5s1VW8II+k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5

Files

7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5
.exe windows:5 windows x86 arch:x86

c0b4d1880addd1fcab5095057ac559e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
gethostname
inet_ntoa
getsockname
htons
__WSAFDIsSet
htonl
setsockopt
WSACleanup
WSAStartup
WSAGetLastError
select
closesocket
shutdown
socket
getsockopt
connect
bind
listen
accept
send
sendto
recv
recvfrom
ioctlsocket
gethostbyaddr
gethostbyname
ntohs
ntohl

psapi

GetModuleBaseNameA

wininet

HttpOpenRequestA
HttpSendRequestA
FtpPutFileA
FtpGetFileA
InternetConnectA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle
InternetGetConnectedState
InternetOpenA

kernel32

GetProcessHeap
GetDriveTypeA
FindFirstFileA
GetLogicalDriveStringsA
FindClose
FindNextFileA
CloseHandle
GetExitCodeThread
GetThreadTimes
SuspendThread
ResumeThread
WaitForSingleObject
SetNamedPipeHandleState
ReleaseMutex
ExitProcess
GetThreadContext
CreateTimerQueue
GetFileSize
SetThreadContext
SetErrorMode
SetWaitableTimer
SetUnhandledExceptionFilter
SystemTimeToFileTime
GetCurrentProcess
CompareFileTime
Process32First
CancelWaitableTimer
SetEvent
VirtualFree
IsBadReadPtr
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
VirtualQueryEx
WriteFile
InitializeCriticalSection
Thread32First
WideCharToMultiByte
TerminateThread
InitializeCriticalSectionAndSpinCount
Sleep
CreateEventA
LeaveCriticalSection
CreateSemaphoreA
GetTickCount
Thread32Next
ReadFile
GetSystemDirectoryA
ExitThread
ReleaseSemaphore
GetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
CreateTimerQueueTimer
EnterCriticalSection
VirtualProtectEx
LoadLibraryA
OpenThread
Process32Next
LocalAlloc
DeleteTimerQueue
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
VirtualProtect
CreateToolhelp32Snapshot
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
FileTimeToLocalFileTime
GetCurrentProcessId
CreateWaitableTimerA
LocalFree
GetSystemTime
DeleteFileA
CreateThread
lstrlenA
SystemTimeToTzSpecificLocalTime
SetFileTime
FileTimeToSystemTime
lstrcpyA
SetHandleCount
SetFilePointer
HeapFree
HeapAlloc
CreateFileA
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryW
CompareStringW
GetFileAttributesA
VirtualQuery
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
CreateFileW
TerminateProcess
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetModuleFileNameW
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
GetFileType
SetStdHandle
GetDateFormatA
GetTimeFormatA
MoveFileA
RtlUnwind
RaiseException
GetModuleHandleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetEndOfFile
HeapReAlloc
DecodePointer
EncodePointer
MultiByteToWideChar
PeekNamedPipe
CreateProcessA
GetStartupInfoA
CreatePipe
GetExitCodeProcess
OpenProcess
FormatMessageA
FreeLibrary
InterlockedIncrement
InterlockedDecrement
InterlockedExchange

user32

wsprintfA

advapi32

AllocateAndInitializeSid
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameA
RegCloseKey
RegFlushKey
FreeSid
IsValidSid
SetServiceStatus
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
EqualSid
RegisterServiceCtrlHandlerA
RegSetValueExA
GetTokenInformation
StartServiceCtrlDispatcherA
OpenProcessToken

ole32

CoUninitialize
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear

rpcrt4

UuidCreateSequential

Exports

Exports

ServiceMain

Sections

.text
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c0b4d1880addd1fcab5095057ac559e2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

wininet

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 570KB - Virtual size: 569KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 67KB - Virtual size: 111KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 570KB - Virtual size: 569KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 67KB - Virtual size: 111KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 23KB - Virtual size: 23KB