194ced82025817701d498966d3706a39

Sharing

Copy URL Twitter E-mail

General

Target

194ced82025817701d498966d3706a39
Size

116KB
MD5

194ced82025817701d498966d3706a39
SHA1

8fa3ffa315c9a88e3d756844e45c75ceae026dac
SHA256

caac5a99c247cbbf448bcfc8d6ba602405933035241aa33cb46087048efcf7a8
SHA512

295c98913f8946945f015627562c2beddd184697dd235d32c5eef08e3b29165a6354219b0bf45dde1a5fd35798c17b23d734bbb881f56adb870737b1a1402dec
SSDEEP

3072:1emsV4f1svWWxfJlKxHw5+puijAntV9WXQg8DNulVrK:1em4vrhMxHk+E3ntV9SQg8x9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
194ced82025817701d498966d3706a39

Files

194ced82025817701d498966d3706a39
.exe windows:4 windows x86 arch:x86

efaeec31ae59ce7137a1f286d50b4c81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

ws2_32

gethostbyaddr
gethostbyname
getsockname
inet_addr
listen
sendto
recv
send
WSAStartup
WSACleanup
inet_ntoa
socket
htons
ioctlsocket
connect
select
closesocket
accept
bind

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

kernel32

GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
ReadFile
GetStringTypeW
GetStringTypeA
HeapSize
SetFilePointer
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
Sleep
CreateThread
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemTimeAsFileTime
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
CreateProcessA
GetSystemDirectoryA
ExitProcess
WaitForSingleObject
CreateMutexA
GetTempPathA
GetModuleHandleA
GetLocalTime
GetComputerNameA
TerminateThread
DeleteFileA
ExpandEnvironmentStringsA
CloseHandle
WriteFile
CreateFileA
GetVersionExA
GlobalMemoryStatus
UnmapViewOfFile
MapViewOfFile
LCMapStringW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
RtlUnwind
InterlockedExchange
SetEndOfFile
GetLocaleInfoA
LCMapStringA
CopyFileA
CreateFileMappingA
IsBadWritePtr
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

SendMessageA
FindWindowA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

efaeec31ae59ce7137a1f286d50b4c81

Headers

File Characteristics

Imports

mpr

ws2_32

wininet

kernel32

user32

advapi32

shell32

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 11KB - Virtual size: 134KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 11KB - Virtual size: 134KB