fd8edc33611a7b8f191cf6d72913f7f6

Sharing

Copy URL

Twitter E-mail

General

Target

fd8edc33611a7b8f191cf6d72913f7f6
Size

151KB
MD5

fd8edc33611a7b8f191cf6d72913f7f6
SHA1

1ee223b840eb163ad74cf4c03c0cedd37c1be33e
SHA256

742246e234d3b4b30fa992fc15e9639521a56b4ce9d7930c9ae40ec67da1c6aa
SHA512

ecb026b0d69e246aa93b4bb5b21798c19b65228420e80bf20e67f7ecbb4b5e37c4b345aba2261403c6ff38c64fad97fec724675103530af581a1c1d783176607
SSDEEP

3072:LMWf/3nF86xa3/hJdLrU2PuBllkqfWmt54wsAJy508cUOTl4+wNDXc:XHFdQtTGBllpWGVZL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd8edc33611a7b8f191cf6d72913f7f6

Files

fd8edc33611a7b8f191cf6d72913f7f6
.exe windows:4 windows x86 arch:x86

9c30d19bab28ab6c3c20e2d673e0e9a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
DuplicateHandle
PeekNamedPipe
GetExitCodeProcess
GetEnvironmentVariableA
ResetEvent
FindFirstChangeNotificationA
DeleteFileA
OpenMutexA
CreateMutexA
ReleaseMutex
GetVolumeInformationA
InitializeCriticalSection
EnterCriticalSection
GetProfileStringW
VirtualProtect
lstrcmpiA
lstrcmpA
LCMapStringA
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetVersion
GetLastError
CloseHandle
ReadFile
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

user32

MapWindowPoints
FrameRect
ClientToScreen
RegisterClassExA
GetWindowTextLengthA
ValidateRect
PostMessageA
IsDialogMessageA
LoadBitmapA
CheckDlgButton
SendMessageA
SetWindowTextA
GetIconInfo
InvalidateRect
GetSystemMetrics
DestroyMenu
BeginPaint
EmptyClipboard
SystemParametersInfoA

ws2_32

WSACreateEvent
WSAConnect
socket
setsockopt
getservbyname
WSASocketA
getprotobynumber

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 778KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c30d19bab28ab6c3c20e2d673e0e9a2

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 56KB - Virtual size: 778KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 56KB - Virtual size: 778KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 2KB