fd264de5cb5aedfd6c46a3c73a7b33d2

Sharing

Copy URL

Twitter E-mail

General

Target

fd264de5cb5aedfd6c46a3c73a7b33d2
Size

273KB
MD5

fd264de5cb5aedfd6c46a3c73a7b33d2
SHA1

32fa8729610835496387fd10f879634e1231ec0c
SHA256

5c5ce3dbe4a32ae821e2bf29e6e2783d515aeaf8436aff940b04f014fba620d6
SHA512

6e0addad507788ebcd8093cc37ec8d3482f93847cb710fc0e84a6cda027b31568e9d18e03781ac65b1a967d440920ac6791525adde5cacd10e133554cc44c1b1
SSDEEP

6144:NAe1anwI/XIIGy02QX7XJby1r2wEvC/bZTr4m971w1zhwz:NAe1awI/XTGyf27XJ+1r2wdtV1W1zU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd264de5cb5aedfd6c46a3c73a7b33d2

Files

fd264de5cb5aedfd6c46a3c73a7b33d2
.exe windows:4 windows x86 arch:x86

2bdedc434c0e2df1206d7702bc711a18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo
GetNetworkParams

user32

MessageBoxA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
OleRun

ws2_32

socket
WSACleanup
WSAStartup
connect
send
ntohl
htonl
closesocket
ioctlsocket
inet_addr
htons
recv

advapi32

RegOpenKeyExW
StartServiceW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
OpenServiceA
OpenSCManagerW
RegDeleteValueW
SetServiceStatus
GetSecurityDescriptorSacl
RegEnumValueW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
RegisterEventSourceW
CloseServiceHandle
QueryServiceStatus
RegQueryInfoKeyW
ReportEventW
ChangeServiceConfigW
SetSecurityDescriptorSacl
RegSetValueExW
CreateServiceW
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceConfigW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
DeregisterEventSource
OpenServiceW
DeleteService
RegQueryValueExW

winmm

timeGetTime

kernel32

FindClose
GetFileAttributesExW
WriteConsoleW
OpenEventW
GetLogicalDriveStringsW
ReadFile
CreateFileA
GetCommandLineW
FindNextFileW
ConnectNamedPipe
TlsSetValue
RtlUnwind
IsValidLocale
CreateEventW
TlsFree
DeleteFileW
WideCharToMultiByte
GetProcessTimes
VirtualAlloc
GetSystemInfo
GetModuleHandleA
GetTimeZoneInformation
GetConsoleCP
CreateFileW
DisconnectNamedPipe
FlushFileBuffers
SetConsoleCtrlHandler
HeapSize
SetLastError
CreateMutexW
GetCurrentThreadId
IsDebuggerPresent
CreateDirectoryW
LeaveCriticalSection
MoveFileW
LCMapStringW
CreatePipe
OpenProcess
CompareStringW
SetFilePointer
UnhandledExceptionFilter
CreateProcessW
LocalFree
GetTempPathA
GetACP
EnterCriticalSection
GetUserDefaultLangID
GetComputerNameW
GetModuleHandleW
FreeEnvironmentStringsW
TryEnterCriticalSection
GetProcessHeap
PeekNamedPipe
IsValidCodePage
SetFileAttributesW
ExitThread
CompareStringA
ExpandEnvironmentStringsW
DeleteCriticalSection
RaiseException
CloseHandle
InitializeCriticalSectionAndSpinCount
GetTempPathW
SetUnhandledExceptionFilter
GetConsoleOutputCP
CopyFileW
SetThreadPriority
SetEnvironmentVariableA
WaitForMultipleObjects
HeapFree
WriteConsoleA
RemoveDirectoryW
TlsAlloc
SetStdHandle
TlsGetValue
SetEnvironmentVariableW
ResetEvent
GetStdHandle
WaitForSingleObject
GetExitCodeThread
GetCurrentDirectoryW
GetUserDefaultLCID
GetConsoleMode
VirtualFree
HeapReAlloc
SetFileTime
GetFileType
LocalAlloc
WriteFile
ReleaseMutex
EnumSystemLocalesA
SetEndOfFile
GetOEMCP
CreateThread
DuplicateHandle
FreeLibrary
HeapAlloc
GetSystemTimeAsFileTime
SetHandleCount
CreateNamedPipeW
LCMapStringA
FindFirstFileW
GetCurrentProcess
VirtualAllocEx

oleaut32

SafeArrayGetUBound
VariantClear
SafeArrayDestroy
SafeArrayUnlock
VariantCopy
SysAllocString
SysFreeString
SafeArrayCopy
SafeArrayLock
VariantInit
SafeArrayGetVartype
SafeArrayGetLBound

resutils

ResUtilCreateDirectoryTree
ResUtilEnumResources
ResUtilSetExpandSzValue
ResUtilFindBinaryProperty
ResUtilSetPropertyParameterBlock
ResUtilIsResourceClassEqual
ResUtilGetBinaryProperty
ResUtilFindLongProperty

sti

DllCanUnloadNow
MigrateRegisteredSTIAppsForWIAEvents
StiCreateInstanceW
StiCreateInstance
DllRegisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 246KB - Virtual size: 974KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bdedc434c0e2df1206d7702bc711a18

Headers

File Characteristics

Imports

iphlpapi

user32

ole32

ws2_32

advapi32

winmm

kernel32

oleaut32

resutils

sti

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 246KB - Virtual size: 974KB

.rsrc Size: 1024B - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 246KB - Virtual size: 974KB

.rsrc
Size: 1024B - Virtual size: 2KB