fe42084efc94bb9cd770f082dc227998

Sharing

Copy URL Twitter E-mail

General

Target

fe42084efc94bb9cd770f082dc227998
Size

220KB
MD5

fe42084efc94bb9cd770f082dc227998
SHA1

4913a54a3cafbc79ed01a7f9ca8ab18d8d2648af
SHA256

6c99b8f301539d3b8e1dd2b58d3bfe541156d5ff6b8e32e97f036df2b02a46d6
SHA512

54f19865682fd72908552c260f17b7757b16aabcfa0192ebfd5a9e0432d4e35fee9523ad31d678b96bfca96e2a34e4aa42287ea610494a49d834e30038746f11
SSDEEP

6144:NwSDLisHUg6MnCQlwSlVYGOWLhbIIKednkeIa88:+0UgtnhBlVpOWFMAnkXa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe42084efc94bb9cd770f082dc227998

Files

fe42084efc94bb9cd770f082dc227998
.exe windows:4 windows x86 arch:x86

6878b54e3f0e7d7e6d4556505d69d858

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetMessageBufferSend

ws2_32

listen
WSAAccept
WSACleanup
inet_addr
gethostname
gethostbyname
htonl
htons
bind
WSASocketW
WSACreateEvent
WSACloseEvent
WSAResetEvent
WSARecv
WSAGetLastError
WSAWaitForMultipleEvents
WSAGetOverlappedResult
shutdown
closesocket
WSAStartup
recv
WSASend

kernel32

SetEndOfFile
GetModuleHandleW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetDateFormatW
GetTimeFormatW
OpenProcess
GetCurrentThreadId
GetCurrentProcess
LocalFree
FormatMessageW
CreateMutexW
LocalAlloc
OpenEventW
TerminateThread
InterlockedCompareExchange
GetTickCount
InterlockedExchangeAdd
GetPrivateProfileStringW
WritePrivateProfileStringW
RemoveDirectoryW
GetTempPathW
CreateIoCompletionPort
PostQueuedCompletionStatus
LoadLibraryExW
GetComputerNameW
IsBadReadPtr
SetProcessWorkingSetSize
GetCurrentProcessId
SetFilePointer
DeviceIoControl
GetModuleFileNameW
DeleteFileW
MoveFileW
QueryDosDeviceW
GetFileAttributesW
QueryPerformanceCounter
WaitForMultipleObjects
CreateProcessW
GetQueuedCompletionStatus
GetStartupInfoW
GetExitCodeProcess
CreateSemaphoreW
ReleaseSemaphore
QueryPerformanceFrequency
GetSystemInfo
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
VirtualProtect
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
ExitProcess
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualQuery
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
SetFileAttributesW
WriteFile
CreateDirectoryW
FindFirstFileW
ResetEvent
FindNextFileW
FindClose
SetErrorMode
GetDriveTypeW
GetVolumeInformationW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
GetFileSize
ReadFile
CreateEventW
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
InterlockedDecrement
GetLocalTime
SetEvent
GetLastError
CloseHandle
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
GetTimeZoneInformation
IsBadCodePtr
HeapSize
CreateFileA
SetStdHandle
SetUnhandledExceptionFilter
FindFirstFileA
SetFileAttributesA
GetFileAttributesA
Beep
DeleteFileA
LoadLibraryA
RaiseException
HeapFree
RtlUnwind
HeapAlloc
ExitThread
CreateThread
ResumeThread
MoveFileA
GetSystemTimeAsFileTime
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

GetWindowThreadProcessId
wsprintfW
LoadStringW
OemToCharBuffW
CharUpperW
GetForegroundWindow

advapi32

GetSecurityInfo
GetSecurityDescriptorDacl
GetUserNameW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
CreateProcessAsUserW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
EqualSid
LookupAccountSidW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
SetThreadToken
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6878b54e3f0e7d7e6d4556505d69d858

Headers

File Characteristics

Imports

version

netapi32

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 22KB - Virtual size: 22KB