2506f7e87ef0da4fe9c6860804473d1f

Sharing

Copy URL Twitter E-mail

General

Target

2506f7e87ef0da4fe9c6860804473d1f
Size

21KB
MD5

2506f7e87ef0da4fe9c6860804473d1f
SHA1

b7440344f322ed85fc6e7ee29b2e8174184cb624
SHA256

709465c05e0add513f83ba5bc41e3aeaf1449a867c97493faf7d154275c69b98
SHA512

b668572dd036dcfd098ffb3fe9422f0e41e57579a5a6d666acafed9d8e4f670a737d4e23525eb8a5d72b976ce6974fe7dcc7eab9b9f282371703184700751f8b
SSDEEP

192:/jjRVfvpskZ+KiYcV1cEyp1EA5yFy2JhJ2LfSDHcXVv6audsMWeqDNI7b7BCOcO4:v3r7iYKgpCciJ2bFv6i7IvNCOPGlX95L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2506f7e87ef0da4fe9c6860804473d1f

Files

2506f7e87ef0da4fe9c6860804473d1f
.exe windows:4 windows x86 arch:x86

bf125bb5ddcbfa904621f51983c02125

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
setsockopt
htonl
sendto
inet_addr
gethostbyname
recv
WSACleanup
WSAStartup
connect
WSAGetLastError
closesocket
socket
htons
send
WSAAsyncSelect

kernel32

HeapFree
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateFileA
DeleteFileA
GetSystemDirectoryA
GetTickCount
SetFileAttributesA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetStartupInfoA
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
WinExec
ExitProcess
CopyFileA
CreateThread
Sleep
MoveFileExA
GlobalMemoryStatus
GetVersionExA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
GetModuleHandleA
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
GetThreadContext
TerminateProcess
SetThreadContext
GetCommandLineA
VirtualProtectEx
ReadFile
GetFileSize
VirtualFree
GetCurrentProcess
WriteProcessMemory

user32

wsprintfA
DefWindowProcA
ExitWindowsEx
PostQuitMessage
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

OpenServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
OpenSCManagerA
DeleteService

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

msvcrt

rand
strncpy
_stricmp
_itoa
atoi
strcspn
strstr
printf
sprintf
memmove
_strlwr
__CxxFrameHandler

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf125bb5ddcbfa904621f51983c02125

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcp60

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.text Size: 512B - Virtual size: 512B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 512B