7e5be7eb542499a5b082a163cd50cd7e

Sharing

Copy URL Twitter E-mail

General

Target

7e5be7eb542499a5b082a163cd50cd7e
Size

560KB
MD5

7e5be7eb542499a5b082a163cd50cd7e
SHA1

ef3289b9274161817b9f3284e91c58a1c39d5a72
SHA256

c263d5fc1a7e4712a1ba233940d95671c51d7342208ec397d9d5d0636efd9760
SHA512

38974bd81c7f2c102ed85359a698b7ba1cd86f5f836d94585f568ff9bd73288ad1558da0d63ca8f5f6fad00ac34aa178daf04ee89c79a3a98ffae0b730c0e28f
SSDEEP

6144:qkaprtHZDozE/aDiKhD5gkWlca1g2YuEKwEylROXzqe3HelSX4aN0z:qkuHNogkrhD5HWmaHYuESGEDHeYI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e5be7eb542499a5b082a163cd50cd7e

Files

7e5be7eb542499a5b082a163cd50cd7e
.exe windows:4 windows x86 arch:x86

b98fab846eb19d86d70026c95898f1aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
socket
gethostbyname
inet_addr
ioctlsocket
htons
connect
send
select
__WSAFDIsSet
recv
WSACleanup
closesocket

user32

MessageBoxW

kernel32

GetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetStdHandle
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesA
WaitForSingleObject
CreateThread
CreateProcessW
GetSystemDirectoryW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
RaiseException
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
GetProcAddress
GetModuleHandleA
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
WriteFile
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetACP
GetOEMCP
GetCPInfo
DebugBreak
lstrlenA
LoadLibraryA
CloseHandle
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualAlloc
SetConsoleCtrlHandler
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
FreeLibrary
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
IsValidCodePage

Sections

.textbss
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b98fab846eb19d86d70026c95898f1aa

Headers

File Characteristics

Imports

wsock32

user32

kernel32

Sections

.textbss Size: - Virtual size: 190KB

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 8KB - Virtual size: 15KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 64KB - Virtual size: 60KB

.textbss
Size: - Virtual size: 190KB

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 8KB - Virtual size: 15KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 64KB - Virtual size: 60KB