0239fd322328537cff4f100b81e83a4b

Sharing

Copy URL Twitter E-mail

General

Target

0239fd322328537cff4f100b81e83a4b
Size

116KB
MD5

0239fd322328537cff4f100b81e83a4b
SHA1

d30b671ed7201dad7b5c0b0005aea836f389d701
SHA256

8d3d0b1958ee756ae3d4d69ff6590a806ee8bb2dbe2316132901a4cb0f8b74fc
SHA512

0e22990f5f5aee592ddb66f22fa1aff056f488b98a3d814032de13ca812fec9f7f6d8f4756c7ec8fe5441a2eddbb1af0d6464fcd66a2e378e2666042b2055a82
SSDEEP

3072:XkwetT20jLmG/5XLO5oXCBZXGVxGokGCmz+l:RkvjLvJq5oSDXWVCL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0239fd322328537cff4f100b81e83a4b

Files

0239fd322328537cff4f100b81e83a4b
.exe windows:4 windows x86 arch:x86

a33bdbe91a8c3bb6dff0882a842a88ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

wsock32

ioctlsocket
recv
WSAStartup
send
shutdown
closesocket
gethostbyaddr
gethostbyname
htons
socket
connect
WSAAsyncSelect

kernel32

_lopen
_lclose
_llseek
GetFileSize
_lwrite
SetStdHandle
_lread
SetFileAttributesA
TerminateThread
GetExitCodeThread
GetLocalTime
LCMapStringA
LCMapStringW
FlushFileBuffers
CloseHandle
DeleteFileA
HeapReAlloc
GetCurrentDirectoryA
GetSystemTime
GetStringTypeA
VirtualAlloc
MultiByteToWideChar
GetACP
GetStringTypeW
GetCPInfo
SetCurrentDirectoryA
GetOEMCP
CreateThread
_lcreat
SetEndOfFile
RtlUnwind
VirtualFree
GetLastError
HeapCreate
HeapDestroy
HeapFree
SetHandleCount
GetEnvironmentStringsW
GetFileType
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
HeapValidate
SetFilePointer
HeapAlloc
FreeEnvironmentStringsA
IsBadReadPtr
IsBadWritePtr
GetModuleFileNameA
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
TerminateProcess
ExitProcess

user32

GetDesktopWindow
GetWindowTextA
SendMessageA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowRect
SetWindowPos
UpdateWindow
GetDlgItem
GetDlgItemTextA
GetWindowTextLengthA
DispatchMessageA
TranslateMessage
GetMessageA
SetDlgItemInt
ShowWindow
CreateDialogParamA
FrameRect
DrawIcon
GetDC
CreateWindowExA
FillRect
ReleaseDC
CopyRect
WindowFromDC
SetTimer
GetDlgItemInt
GetSystemMetrics
EndDialog
SetWindowTextA
SetFocus
DestroyWindow
DialogBoxParamA
SetForegroundWindow
KillTimer
BeginPaint
EndPaint
LoadCursorA
DefWindowProcA
LoadIconA
MessageBoxA
RegisterClassA
GetClientRect
IsCharAlphaNumericA
IsCharAlphaA
DrawTextA

gdi32

DeleteObject
SelectObject
MoveToEx
LineTo
SaveDC
GetTextExtentPoint32A
CreatePen
SetTextColor
CreateFontIndirectA
SetBkMode
SetBkColor
GetStockObject
CreateSolidBrush
RestoreDC

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

Shell_NotifyIconA

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a33bdbe91a8c3bb6dff0882a842a88ad

Headers

File Characteristics

Imports

comctl32

wsock32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 16KB - Virtual size: 12KB