08451a7924f903c41d4cc7167c9c9be6

Sharing

Copy URL Twitter E-mail

General

Target

08451a7924f903c41d4cc7167c9c9be6
Size

99KB
MD5

08451a7924f903c41d4cc7167c9c9be6
SHA1

098b475913341ad2c7a996a06a8870a9a99d0564
SHA256

e42cbe3b71ecc272cba62115ba20d5403c5774ebded61ac2bf3950d7b2861adb
SHA512

b5b8c2cd5481fc4338221197d2ae9b80c7f0c4993289821fa624f826fa5a7b64d3fb46a627a4535eb98a4b3e21f6b739220af5bf3b941b10b6fa1f0750c7e34a
SSDEEP

1536:ixz7fRYvRzdHN4Ls1IsvwCNfdvcRDWtlnhgDK545MT8CE11Sw9TDJT8tInK6x:mRAN1ICwC7ER6tL8fS2DJT8tIn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08451a7924f903c41d4cc7167c9c9be6

Files

08451a7924f903c41d4cc7167c9c9be6
.exe windows:4 windows x86 arch:x86

7408e6f14f5e9b1d22fde47a254139c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
inet_ntoa
ioctlsocket
ntohl
htonl
getsockname
gethostbyname
WSAStartup
select
inet_addr
connect
send
recv
closesocket
htons
socket
setsockopt
bind
listen
accept
WSACleanup

shell32

SHGetFolderPathA

advapi32

RegQueryValueExA
RegDeleteValueA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA

kernel32

FlushFileBuffers
SetStdHandle
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
LCMapStringA
FreeEnvironmentStringsA
UnhandledExceptionFilter
RaiseException
SetFilePointer
GetStartupInfoA
GetFileType
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
CompareStringA
CompareStringW
FreeEnvironmentStringsW
GetVersionExA
GetStdHandle
SetHandleCount
HeapReAlloc
CloseHandle
GetCurrentProcess
FindClose
FindFirstFileA
DeleteFileA
SetFileAttributesA
TerminateProcess
OpenProcess
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
ExitProcess
CreateProcessA
ExitThread
CreateThread
GetModuleFileNameA
WaitForSingleObject
CreateMutexA
GetTickCount
GetTempPathA
GetLastError
CreateDirectoryA
SetEnvironmentVariableA
TerminateThread
ExpandEnvironmentStringsA
GetFileAttributesA
GetModuleHandleA
WriteFile
CreateFileA
LoadLibraryA
GetProcAddress
CreateEventA
ReadFile
CopyFileA
MultiByteToWideChar
SetFileTime
GetFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA

user32

CharLowerA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7408e6f14f5e9b1d22fde47a254139c8

Headers

File Characteristics

Imports

ws2_32

shell32

advapi32

wininet

kernel32

user32

version

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 30KB - Virtual size: 44KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 30KB - Virtual size: 44KB

.rsrc
Size: 512B - Virtual size: 16B