217999964afe690db7fcb9ccde296d8d

Sharing

Copy URL Twitter E-mail

General

Target

217999964afe690db7fcb9ccde296d8d
Size

211KB
MD5

217999964afe690db7fcb9ccde296d8d
SHA1

7fb7fb724fe9fdc233eef77024fddd60c0e0cc76
SHA256

571ad4a250198b3875589c2e524b915b5da850b5b39b463e349a6decbb78e8bd
SHA512

b880778aa45e5279d6d6fd9ad34aa5940b01976a064238f68009e1472d3ad8ec04b459ac3ffc7ba4d765af9aa09d1cc514c4f3da5b7881a3496e97b1aea0f2c0
SSDEEP

3072:kYMqqaabDXSOaIkJ/U7CHpSPJB15Mr5eo5gpXq7frTkL65vbv2u76vf8:d3abeOXkJ/NpIBe5gY7Vbvxe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
217999964afe690db7fcb9ccde296d8d

Files

217999964afe690db7fcb9ccde296d8d
.dll windows:4 windows x86 arch:x86

e427d94cd807ac1519ec76dea7212dcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ws2_32

socket
setsockopt
inet_addr
htons
WSAStartup

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA

kernel32

CheckRemoteDebuggerPresent
CloseHandle
CreateFileA
CreateFileMappingA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQuery
WideCharToMultiByte
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

psapi

GetModuleBaseNameA

Exports

Exports

___CPPdebugHook

Sections

.text
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e427d94cd807ac1519ec76dea7212dcc

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

user32

psapi

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 140KB

.data Size: 23KB - Virtual size: 40KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 8KB

.vmp0 Size: 6KB - Virtual size: 8KB

.vmp1 Size: 28KB - Virtual size: 28KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 140KB

.data
Size: 23KB - Virtual size: 40KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 8KB

.vmp0
Size: 6KB - Virtual size: 8KB

.vmp1
Size: 28KB - Virtual size: 28KB

.reloc
Size: 6KB - Virtual size: 5KB