0439db9218354ca19f5af4c116ed910d

Sharing

Copy URL Twitter E-mail

General

Target

0439db9218354ca19f5af4c116ed910d
Size

69KB
MD5

0439db9218354ca19f5af4c116ed910d
SHA1

4ad9f4e5937c0055094fe0f627968b56e7376a96
SHA256

5b8fcac9cf17c77ac0e693f4944d9337ba7cb71dd8aedacd0de547c57ab3d2d0
SHA512

cbee4f45c2ce2b619241c23991eec54253d55d760277a7cd4fbe5d210acdf3188d3854af5ae6b4064e20b346460c5943704aa7cf1aba9a14c4acd07c20cdebc8
SSDEEP

1536:OlcvM2HDwYp3zoPUL6Y/hW99gnqGIK9hcafjCNzw9Zd4dCExtmzwJb1hcF:q2HsYBs4/09gnqGHdLCZ48CExtmzwJbU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0439db9218354ca19f5af4c116ed910d

Files

0439db9218354ca19f5af4c116ed910d
.exe windows:4 windows x86 arch:x86

4a1718e59e5a7276ad2f4719c3bdc515

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
inet_ntoa
ntohl
htonl
ioctlsocket
setsockopt
bind
listen
accept
getsockname
inet_addr
gethostbyname
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

CharLowerA

kernel32

GetEnvironmentStringsW
WideCharToMultiByte
CloseHandle
GetCurrentProcess
FindClose
FindFirstFileA
Process32Next
DeleteFileA
SetFileAttributesA
TerminateProcess
OpenProcess
lstrcmpiA
Sleep
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
GetSystemDirectoryA
CreateProcessA
ExitThread
ExitProcess
GetTempPathA
ReleaseMutex
GetTickCount
CreateMutexA
SetHandleCount
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
OpenMutexA
SetErrorMode
CopyFileA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
SetFileTime
GetFileTime
CreateFileA
SetEvent
LocalFree
LocalAlloc
TerminateThread
WaitForSingleObject
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
GetFileType
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
SetEndOfFile
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetFilePointer
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersionExA
WriteFile
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

advapi32

AdjustTokenPrivileges
DeleteService
ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetFolderPathA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a1718e59e5a7276ad2f4719c3bdc515

Headers

File Characteristics

Imports

ws2_32

user32

kernel32

advapi32

shell32

version

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 16KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 16KB