06624cce9ee7f92830e5496966af92c3

Sharing

Copy URL Twitter E-mail

General

Target

06624cce9ee7f92830e5496966af92c3
Size

24KB
MD5

06624cce9ee7f92830e5496966af92c3
SHA1

919eebc83602e5c65c3a01c3aee1fe52a8e83ee9
SHA256

3c888d6c4eac3bdafc73edd2934632b5f205edbbfcc7a6b2cfc56054227c18a0
SHA512

81ae2bb2ed957b01824c765810a9661f49d357145dd9e082f9fee2d64a3a4fb0609f4b6eada2c4fc7f6da60db1b8bd9090ed2e7ed121e8b54ccbbc00968ffaa5
SSDEEP

384:F9bRMWmVVy1SVJmjZ9UqquMBa1OxMHCOPGlX9wQocOM/x:/Tm2p90PBmGMHCIGZoW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06624cce9ee7f92830e5496966af92c3

Files

06624cce9ee7f92830e5496966af92c3
.exe .vbs windows:4 windows x86 arch:x86 polyglot

23395003fa307bd8a05c06b1f3008734

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
setsockopt
htonl
sendto
inet_addr
gethostbyname
recv
WSACleanup
WSAStartup
connect
WSAGetLastError
closesocket
socket
htons
WSAAsyncSelect
send

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateFileA
DeleteFileA
GetSystemDirectoryA
GetTickCount
SetFileAttributesA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
HeapFree
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
WinExec
ExitProcess
CopyFileA
CreateThread
Sleep
MoveFileExA
GlobalMemoryStatus
GetVersionExA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
GetModuleHandleA
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
GetThreadContext
TerminateProcess
SetThreadContext
WriteProcessMemory
GetStartupInfoA
ReadFile
GetFileSize
VirtualFree
GetCommandLineA
lstrcatA
VirtualProtectEx

user32

wsprintfA
DefWindowProcA
ExitWindowsEx
PostQuitMessage
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

DeleteService
OpenSCManagerA
ControlService
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
CreateServiceA
OpenServiceA
CloseServiceHandle
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

strncpy
_stricmp
_itoa
__CxxFrameHandler
rand
strcspn
strstr
printf
sprintf
memmove
puts
_strlwr
atoi

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23395003fa307bd8a05c06b1f3008734

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcp60

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB