Static task: static1
Behavioral task: behavioral1
Sample: 240b66d79527fc0a583a24f7bfd799a6.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 240b66d79527fc0a583a24f7bfd799a6.exe
Resource: win10v2004-20231215-en
General
Target: 240b66d79527fc0a583a24f7bfd799a6
Size: 21KB
MD5: 240b66d79527fc0a583a24f7bfd799a6
SHA1: 74757de39b87cefa80697507e6a9d57e2c44fa40
SHA256: 9787b12a7005e51d8eed878c1e6bcfb7d7a77515a988b223b3a2d1a43219c438
SHA512: e790690cc229059a63f668d1b3637bb8fca713c99da91aa1af39b092bd57e071bea86d4915af8bba0c28353a1b485094fb92900bd703f84ded9c19702a9ccd7e
SSDEEP: 384:1rir7ryn1X3ljR5xoYSd+2zT3p8JqhriVnRusjK546uZW95JspdiVw7wpi7ZwHhI:Bir7ryllt5xw+2zT3p8JqoVDjK546uZb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 240b66d79527fc0a583a24f7bfd799a6
Files
240b66d79527fc0a583a24f7bfd799a6.exe windows:4 windows x86 arch:x86
6dd0242cb111b48471f89752ba4935fe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
msvcrt
__dllonexit
_onexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
fwrite
_strdup
malloc
strtok
realloc
??2@YAPAXI@Z
??3@YAXPAX@Z
free
strchr
srand
rand
_vsnprintf
printf
_beginthread
strstr
_snprintf
fopen
fprintf
fclose
calloc
_endthread
??1type_info@@UAE@XZ
_CxxThrowException
wcslen
strncpy
strncmp
_controlfp
kernel32
WideCharToMultiByte
LocalFree
CreateProcessA
CloseHandle
GetFileAttributesA
GetVersionExA
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
TerminateThread
GetTickCount
GetLocaleInfoA
lstrlenA
SetErrorMode
DeleteFileA
CreateMutexA
GetLastError
ExitProcess
GetSystemDirectoryA
GetShortPathNameA
GetCurrentProcessId
GetLogicalDriveStringsA
GetDriveTypeA
CopyFileA
SetFileAttributesA
GetModuleHandleA
GetModuleFileNameA
Sleep
MoveFileExA
user32
BlockInput
FindWindowExA
IsWindow
FindWindowA
ShowWindow
GetWindowTextA
SendMessageA
ws2_32
connect
htons
inet_addr
socket
send
WSAStartup
closesocket
WSAGetLastError
recv
WSACleanup
gethostbyname
ioctlsocket
shell32
ShellExecuteA
advapi32
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
ntdll
NtQuerySystemInformation
ZwSystemDebugControl
ole32
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
SysAllocString
VariantInit
VariantClear
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE