110edb11526e6de7f1fdac7186e7c41e

Sharing

Copy URL Twitter E-mail

General

Target

110edb11526e6de7f1fdac7186e7c41e
Size

98KB
MD5

110edb11526e6de7f1fdac7186e7c41e
SHA1

c074dd4a6a051127038e5efdd39b2eab72176b66
SHA256

e119582ed23a7de23382ba298f7dccc80419b102209a14ee7a5b78b147aa4649
SHA512

c5f5afc01798a62940e5e44424719772e5c7b8df59e7e895e21d9dae8cb06506b63a392695844f20c608db2f031b23eec8aa1d600e344deab1ac2fd3dfe87ec9
SSDEEP

768:Od7374So74jWqo/Ec3XE59/EYmYVVhzk8E85UvIR6xfbDCouvjHR2iB39y1YdyuQ:Odv4d13Xo/EYJHNMxjVwR2YMrxQDe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
110edb11526e6de7f1fdac7186e7c41e

Files

110edb11526e6de7f1fdac7186e7c41e
.exe windows:4 windows x86 arch:x86

9523d4df02da4cf77b11313a6b615fca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
GetCurrentProcess
QueryPerformanceFrequency
GetSystemDirectoryA
LoadLibraryA
GetModuleFileNameA
TerminateProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CopyFileA
SetFileAttributesA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetShortPathNameA
SetProcessWorkingSetSize
ReadFile
SetFilePointer
GetComputerNameA
GetLocaleInfoA
GetTickCount
GetTempPathA
GetFileSize
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
LockResource
WriteFile
CreateFileA
DeleteFileA
GetDateFormatA
GetTimeFormatA
OutputDebugStringA
GetStdHandle
SetConsoleTextAttribute
TerminateThread
CloseHandle
Sleep
CreateMutexA
ExitProcess
GetLastError
QueryPerformanceCounter

user32

GetKeyboardLayout
GetKeyboardState
GetKeyNameTextA
GetWindowTextA
ToAsciiEx
UnhookWindowsHookEx
DispatchMessageA
SetKeyboardState
GetMessageA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow

advapi32

OpenProcessToken
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegCreateKeyExA

shell32

ShellExecuteA

mpr

WNetCancelConnection2A
WNetAddConnection2A

msvcrt

system
atol
islower
strstr
malloc
sscanf
??2@YAPAXI@Z
??3@YAXPAX@Z
strtok
toupper
strncpy
srand
__CxxFrameHandler
atoi
_snprintf
fclose
fprintf
fopen
printf
strncat
_vsnprintf
rand

netapi32

NetShareDel

wininet

InternetOpenUrlA
InternetOpenA
InternetGetConnectedStateEx
InternetCloseHandle

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname
gethostbyaddr
inet_addr
recv
send
closesocket
connect
htons
socket
getsockname
ntohs
WSAIoctl
bind
WSASocketA
WSACloseEvent
shutdown
accept
listen
sendto
htonl

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

Sections

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9523d4df02da4cf77b11313a6b615fca

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

mpr

msvcrt

netapi32

wininet

ws2_32

ntdll

Sections

.bss Size: - Virtual size: 3KB

.data Size: 86KB - Virtual size: 85KB

.rsrc Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 3KB

.data
Size: 86KB - Virtual size: 85KB

.rsrc
Size: 11KB - Virtual size: 11KB