18a7810725071c4adeaf48ab56708013

Sharing

Copy URL

Twitter E-mail

General

Target

18a7810725071c4adeaf48ab56708013
Size

190KB
MD5

18a7810725071c4adeaf48ab56708013
SHA1

3a6b9ec260bf67cd90ac8dc821c5930f0495feb5
SHA256

dba2723de2eccce8f07757662447c6a09c781a1e7c238485c48210fc82c92d93
SHA512

f34a6c36d9874a9cbf74b33c52ac9b44fb1f1a17c9d3dc566985eeb5d6b2de783e6f6fd145303e13a5306be7091e7fede893c89e249687ac355904a48c73d52f
SSDEEP

3072:FNVS+c0vklGVbyDhXwEgJyZU/hPnvo7xJ5Ly1JW5X5do:FNI+hivhbxZU/67xfLCw57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18a7810725071c4adeaf48ab56708013

Files

18a7810725071c4adeaf48ab56708013
.exe windows:5 windows x86 arch:x86

7867f56d313679e4084dbfc96fa7b3d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoUninitialize

wsock32

WSACleanup
recv
setsockopt
ioctlsocket
gethostbyname
inet_ntoa
WSAStartup
htons
socket
connect
send
closesocket

urlmon

URLDownloadToFileA

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileA
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
ExitThread
Sleep
CreateThread
WinExec
ExpandEnvironmentStringsA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFullPathNameA
GetCurrentDirectoryA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7867f56d313679e4084dbfc96fa7b3d7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

wsock32

urlmon

kernel32

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 14KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 14KB