194159e22ed7c8e3c58dad1fbab54973

Sharing

Copy URL Twitter E-mail

General

Target

194159e22ed7c8e3c58dad1fbab54973
Size

18KB
MD5

194159e22ed7c8e3c58dad1fbab54973
SHA1

f2e0f98c59a9e3b215f68252bf284f90f3c54356
SHA256

f4c7cb5578a89f28adf60d63e965b8adc11e32ce00037cac1272becccee68617
SHA512

ba929d5e37d30d80ce4f1f3aa06e53581448f53464ba02c163cfe864ca0ca7a7040c62bfc6229dad87631d24cae618ee60abc66d1d8bb52fe4e57c2e36a9eb12
SSDEEP

384:etXtkYpFvh8RlI85j85qjePlq3Cxr+oI:eRtXplhj/QCA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
194159e22ed7c8e3c58dad1fbab54973

Files

194159e22ed7c8e3c58dad1fbab54973
.exe windows:4 windows x86 arch:x86

f26e58a1676e02dddb515ad3e0c3eb38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord540
ord2846
ord2818
ord537
ord2764
ord6648
ord4129
ord800
ord2915

msvcrt

__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
_controlfp
_adjust_fdiv
_XcptFilter
_exit
atoi
strchr
strtok
exit
time
srand
rand
printf
strstr
_stricmp
_except_handler3
strncmp
__CxxFrameHandler

kernel32

GetTickCount
HeapAlloc
GetProcessHeap
TerminateThread
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
GetCurrentProcessId
GetStartupInfoA
SetFileAttributesA
GetLastError
lstrlenA
GetVersionExA
GlobalMemoryStatus
GetTempPathA
SetLocalTime
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
CopyFileA
GetSystemDirectoryA
CloseHandle
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
WinExec
CreateThread
ExitThread
Sleep
lstrcpyA

user32

wsprintfA

comdlg32

GetFileTitleA

advapi32

StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA

ws2_32

gethostname
WSAStartup
sendto
htons
setsockopt
WSASocketA
htonl
connect
send
inet_ntoa
closesocket
WSAGetLastError
recv
__WSAFDIsSet
select
inet_addr
socket
gethostbyname

urlmon

URLDownloadToFileA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f26e58a1676e02dddb515ad3e0c3eb38

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comdlg32

advapi32

ws2_32

urlmon

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 243KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 243KB