22f7c1ff853a69ee02e5096c2597cf1c

Sharing

Copy URL

Twitter E-mail

General

Target

22f7c1ff853a69ee02e5096c2597cf1c
Size

100KB
MD5

22f7c1ff853a69ee02e5096c2597cf1c
SHA1

0750065764c5b56bd23793bd22fe36a338caaa05
SHA256

3326436e204e83cefd388570f5cc2265676e050b0a212857e70da64e90a47c1d
SHA512

42dd106a55985885478130705c68fe853677ddd85bf3a724bc54e8a2627341fe6dfee526253f49760d5a1d5b0ed97ea0f6c7115fbf8201e0e7ded38f4409a511
SSDEEP

1536:QKY+e0TKbXIIrYtkPprBAqytw8dXrsQ/wFRHB9pNq3Dvftg2yHr:QKetrY6PhKqkw0rsQ/8j9vCftnyHr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22f7c1ff853a69ee02e5096c2597cf1c

Files

22f7c1ff853a69ee02e5096c2597cf1c
.exe windows:4 windows x86 arch:x86

f00a4bd3fa86187b60a9d68791c08873

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
ResumeThread
GetShortPathNameA
lstrlenA
GetLastError
CopyFileA
GetSystemDirectoryA
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
ExitThread
WaitForSingleObject
CloseHandle
CreateThread
GetModuleFileNameA
SetFileAttributesA
GetVersionExA
GlobalMemoryStatus
GetEnvironmentVariableA
Sleep

user32

wsprintfA

advapi32

StartServiceA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
CreateServiceA

mfc42

ord800
ord2764
ord2846
ord537
ord6877
ord939
ord2818
ord4278
ord860
ord6663
ord858
ord535
ord540
ord924
ord926

msvcrt

printf
srand
time
atoi
strncmp
_except_handler3
__dllonexit
_onexit
rand
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strstr
free
exit
_exit
__CxxFrameHandler
_itoa

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

ws2_32

send
WSAGetLastError
recv
connect
htons
closesocket
WSAStartup
sendto
htonl
setsockopt
WSASocketA
inet_addr
socket
gethostbyname

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f00a4bd3fa86187b60a9d68791c08873

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mfc42

msvcrt

msvcp60

ws2_32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB