05e3785997d780474c46c5979e4ced34

Sharing

Copy URL

Twitter E-mail

General

Target

05e3785997d780474c46c5979e4ced34
Size

113KB
MD5

05e3785997d780474c46c5979e4ced34
SHA1

f9bb80ba4276dc7649073ecfe1b4df9b198822cc
SHA256

b2cdb378092e9dd39402cd6deb9eafcf9aaa5277ca7528c18cb760e85dde9515
SHA512

96789a5bea86e8e86d37046de74e6a057cdf5ebb2d32334b293d839bc7e6ddd5898cf374fb500588adec755255be6028dd0d6ee414adb5acbc256fb640482d81
SSDEEP

1536:BbsgEEUy2pBsxX/5M0WAa+wJx2V0AuKgiuLau9S4A6I6:BIFVM5z2XJAVNWixV36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05e3785997d780474c46c5979e4ced34

Files

05e3785997d780474c46c5979e4ced34
.exe windows:5 windows x86 arch:x86

d6dc69321c90c4ab169c6ea9c010d14d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
select
__WSAFDIsSet
WSASocketA
htonl
inet_ntoa
listen
accept
recv
send
inet_addr
gethostbyname
htons
socket
connect
closesocket
gethostname
WSARecv
WSAStartup
bind
ioctlsocket

kernel32

CreateThread
lstrlenA
GetCommandLineA
lstrcpyA
GetLastError
CreateMutexA
OpenMutexA
ExpandEnvironmentStringsA
lstrcatA
GetVersionExA
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
CloseHandle
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
RtlUnwind
GetCurrentProcessId
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
Sleep
lstrlenW
GetPrivateProfileIntA
GetWindowsDirectoryA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
WideCharToMultiByte
GetSystemTimeAsFileTime
GetFileAttributesExA
SetFilePointer
ReadFile
GetTickCount
lstrcmpA
GetLogicalDrives
GetDriveTypeA
SetThreadPriority
ResumeThread
IsBadStringPtrA
GetVersion
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
ExitThread
SetEvent
WaitForSingleObject
OpenFileMappingA
TerminateThread
CreateEventA
VirtualAlloc
CreateProcessA
ExitProcess
LocalFree
QueryPerformanceCounter
UnmapViewOfFile
lstrcmpiA
InitializeCriticalSection
DeleteCriticalSection
IsBadReadPtr
GetTempPathA
GetTempFileNameA
WriteFile
VirtualFree

user32

wsprintfA

advapi32

RegEnumKeyExA
GetCurrentHwProfileA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

SHGetFolderPathA

mapi32

ord11
ord19
ord140
ord21
ord23
ord17
ord75

dnsapi

DnsFree
DnsQuery_A

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetGetConnectedState
InternetConnectA
InternetOpenA

shlwapi

PathIsDirectoryA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6dc69321c90c4ab169c6ea9c010d14d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

mapi32

dnsapi

wininet

shlwapi

ole32

Sections

.text Size: 86KB - Virtual size: 86KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 3KB - Virtual size: 12KB

.text
Size: 86KB - Virtual size: 86KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 12KB