Static task: static1
Behavioral task: behavioral1
Sample: 067da73cd3f83eee20b80585729d0a9e.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 067da73cd3f83eee20b80585729d0a9e.exe
Resource: win10v2004-20231215-en
General
Target: 067da73cd3f83eee20b80585729d0a9e
Size: 239KB
MD5: 067da73cd3f83eee20b80585729d0a9e
SHA1: 8cbf1b2850802f42bdf247823d69730d17a703ec
SHA256: db83af34a14bad3fdcf03a6c832b8792ae1182407dc2ce73e892a6147ccb7661
SHA512: 951dfe6bb815839537f78ac696edf79374c60883e255838d0315cb973c760e4293041970249cf76baebccefecc89ffeba493c6bae06dd9e4b3b9ccfd0ccdcc1b
SSDEEP: 1536:caHeP8mZxWSEeJek/shDcn23BUO8zChA/nFIOhT+qA:XHeP8OdEesk/sBt8zX/FIOhq/
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 067da73cd3f83eee20b80585729d0a9e
Files
067da73cd3f83eee20b80585729d0a9e.exe windows:4 windows x86 arch:x86
05f01892576dc6071d935f3de3d3dcc0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
gethostbyname
connect
closesocket
WSAStartup
WSACleanup
socket
send
WSAIoctl
closesocket
send
advapi32
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
RegOpenKeyA
AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
DeleteService
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
RegDeleteKeyA
GetUserNameA
RegCloseKey
kernel32
lstrlenW
CloseHandle
lstrlen
lstrcpyn
lstrcpy
lstrcmpi
lstrcmp
lstrcat
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
SetErrorMode
MultiByteToWideChar
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetTickCount
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetFullPathNameA
GetFileSize
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentProcess
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
DeleteFileA
CreateThread
CreateFileMappingA
CreateFileA
CopyFileA
ExpandEnvironmentStringsA
GetDiskFreeSpaceExA
GetComputerNameA
GetVolumeInformationA
OpenProcess
GetCurrentDirectoryA
LoadLibraryA
GetProcAddress
ExitProcess
ntdll
RtlGetLastWin32Error
ole32
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemFree
rasapi32
RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA
RasEnumEntriesA
shlwapi
StrRChrA
StrStrIA
PathFileExistsA
StrCmpNA
StrRChrA
user32
wsprintfA
GetDC
SetActiveWindow
ReleaseDC
FindWindowA
FindWindowExA
SendMessageA
GetDlgCtrlID
GetDC
wininet
InternetGetConnectedState
InternetGetConnectedState
psapi
GetModuleFileNameExA
EnumProcesses
EnumProcessModules
shfolder
SHGetFolderPathA
gdi32
GetDeviceCaps
Sections
BuzzME Size: 238KB - Virtual size: 238KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE