0059af50e6c994295a5093f0c4179f02

Sharing

Copy URL

Twitter E-mail

General

Target

0059af50e6c994295a5093f0c4179f02
Size

72KB
MD5

0059af50e6c994295a5093f0c4179f02
SHA1

c48c039b128733f7c450380dde479742d4ad7709
SHA256

70747ce1b4475eead17ca3b72dedecb2a53b9e5653f90b517a750a91af2b3933
SHA512

489ba74f530b08f7cd7e97f56cb1e0749dbd59d48fd28794d06c0b130a65ad5194e4f79608d5edd681df3c7d0f102f26b29d59cf66f383a473f757c878412005
SSDEEP

1536:JI+79ksqDICf8ePNFjqDGMx71wGGCcn+zRkix347:JqPDICkePNF+GMxe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0059af50e6c994295a5093f0c4179f02

Files

0059af50e6c994295a5093f0c4179f02
.exe windows:1 windows x86 arch:x86

ec3ae212d1b994c1247bdd78e398debe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ReadFile
GlobalMemoryStatus
RtlUnwind
ExitProcess
CloseHandle
GetFileAttributesA
GetLocalTime
GetLastError
EnterCriticalSection
TlsSetValue
DeleteFileA
TlsAlloc
GetFileType
InitializeCriticalSection
TerminateThread
SetFilePointer
SetConsoleCtrlHandler
GetStdHandle
GetVersion
GetEnvironmentStrings
CreateFileA
UnhandledExceptionFilter
CreateThread
TlsGetValue
TlsFree
GetModuleHandleA
ExitThread
RaiseException
LeaveCriticalSection
GetStartupInfoA
GetCommandLineA
GetProcAddress
GetModuleFileNameA
SetHandleCount
GetCurrentThreadId
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteFile
GetVersionExA

user32

EnumThreadWindows
EndDialog
DispatchMessageA
DestroyWindow
CreateWindowExA
CreateDialogParamA
CheckRadioButton
GetCursorPos
SendMessageA
TranslateMessage
ShowWindow
SendDlgItemMessageA
PostQuitMessage
MessageBoxA
IsDlgButtonChecked
DialogBoxParamA
GetMessageTime
GetMessageA
GetDlgItem

wsock32

socket
send
recv
inet_addr
htons
gethostbyname
connect
closesocket
WSAStartup
WSAGetLastError
WSACleanup

comctl32

InitCommonControls

Exports

Exports

@AboutDlgProc$qqspvuiuil
@MainDlgProc$qqspvuiuil
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec3ae212d1b994c1247bdd78e398debe

Headers

File Characteristics

Imports

kernel32

user32

wsock32

comctl32

Exports

Exports

Sections

CODE Size: 37KB - Virtual size: 40KB

DATA Size: 8KB - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 8KB

.debug Size: 15KB - Virtual size: 16KB

CODE
Size: 37KB - Virtual size: 40KB

DATA
Size: 8KB - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 8KB

.debug
Size: 15KB - Virtual size: 16KB