08ab0db8b49f8f2d1fdefdb7ad8f4ec2

Sharing

Copy URL Twitter E-mail

General

Target

08ab0db8b49f8f2d1fdefdb7ad8f4ec2
Size

208KB
MD5

08ab0db8b49f8f2d1fdefdb7ad8f4ec2
SHA1

4ec675e78110cf29884da3bec14463336627edda
SHA256

cd28c6e626ab47eeb0eb2e56dfcb3db56c8340b9dacbc9300a8b2bca31ecb790
SHA512

0c51421f3ee7df11553845243b0eb207804b46d9f6eb3331494b6dbcf21bb96ff0a83662a6c7f58f30a3116fb452b7248dbdc211178dcc7f8b1bda91e43bbc93
SSDEEP

6144:Hk+4Ddf+5gr+fAf+5gd+fAf+5gZ+fAfufxJC8l5XsFxmdeaomlMsP:HuDdf+5gr+fAf+5gd+fAf+5gZ+fAfufS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08ab0db8b49f8f2d1fdefdb7ad8f4ec2

Files

08ab0db8b49f8f2d1fdefdb7ad8f4ec2
.exe windows:4 windows x86 arch:x86

47bc0e861b3a9404069d8848a622d968

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetBestInterface
GetAdaptersInfo
GetNumberOfInterfaces

ws2_32

WSACloseEvent
closesocket
inet_ntoa
WSAGetOverlappedResult
WSAResetEvent
WSARecv
WSASocketA
WSACreateEvent
getsockname
getsockopt
socket
WSACleanup
WSAStartup
ioctlsocket
gethostbyname
__WSAFDIsSet
recvfrom
shutdown
ntohs
inet_addr
setsockopt
bind
htonl
ntohl
WSAGetLastError
gethostname
recv
send
htons
connect
select
sendto

sginet

SGInetClose
SGInetInit

mfc42

ord825
ord823

msvcrt

malloc
strrchr
isdigit
atoi
strchr
strncpy
strncmp
rand
strtok
realloc
strpbrk
rewind
wcslen
swprintf
_getpid
strncat
toupper
fread
isspace
_strnicmp
_stricmp
_ftime
_iob
isalpha
fflush
vfprintf
__CxxFrameHandler
_ftol
_CIpow
_findclose
_findnext
_findfirst
_strdup
_read
localtime
fwrite
srand
time
_setmode
isxdigit
islower
rename
_unlink
_access
exit
abort
isupper
ispunct
iscntrl
isalnum
fseek
ftell
__dllonexit
_onexit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
fprintf
isprint
sprintf
_local_unwind2
fopen
calloc
fgets
strstr
fclose
_except_handler3
free
_vsnprintf
_write
_stat
_itoa
_fstat
tolower
_errno

kernel32

CreateThread
CloseHandle
Sleep
WaitForSingleObject
ReleaseMutex
MoveFileExA
GetLocalTime
CreateMutexA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
DeleteCriticalSection
MultiByteToWideChar
LocalFree
FormatMessageA
GetCurrentProcessId
GetComputerNameA
GetPrivateProfileStringA
GetCurrentThreadId
SetErrorMode
GetTempPathA
CreateFileA
CreateDirectoryA
InitializeCriticalSection

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegCloseKey

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

netapi32

NetUserEnum
NetApiBufferFree

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47bc0e861b3a9404069d8848a622d968

Headers

File Characteristics

Imports

iphlpapi

ws2_32

sginet

mfc42

msvcrt

kernel32

user32

advapi32

msvcp60

netapi32

mpr

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 28KB - Virtual size: 455KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 28KB - Virtual size: 455KB

.rsrc
Size: 4KB - Virtual size: 1KB