25187a271567890112fad2454bba7087

Sharing

Copy URL

Twitter E-mail

General

Target

25187a271567890112fad2454bba7087
Size

63KB
MD5

25187a271567890112fad2454bba7087
SHA1

dd72439058e114d95fe76170536f1b63f74ebc9e
SHA256

858535e6a45691ec8f4156979d0407a76d3a82b96296e4acff698f4300088f1a
SHA512

5f841e99dfff72d3f6ab368ddd4e1536191b5d04ca7d759598b92662156f1cb5d844b197a553605f53fe02e8450cc1cbe28b03cee73d8e3cd283c19f12ad5b41
SSDEEP

1536:qhqx0okzmxp/U0vCufRD5i7Uy2Iobz3tOJM2as:hSoDtvpfR9iR2Io/tOv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25187a271567890112fad2454bba7087

Files

25187a271567890112fad2454bba7087
.exe windows:4 windows x86 arch:x86

0f5b4050c85dda9a2fb75cb998ff0f81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
CreateServiceA
StartServiceA

shlwapi

StrStrIA
StrStrA
wnsprintfA

ws2_32

closesocket
sendto
setsockopt
getsockname
recvfrom
send
socket
connect
htons
WSAStartup
getsockopt
inet_ntoa
gethostbyname
recv

kernel32

CreateFileA
MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcmpW
GetSystemTime
OpenFile
SetFilePointer
WriteFile
CreateProcessA
VirtualAllocEx
WriteProcessMemory
GetCommandLineA
GetVersion
MapViewOfFile
CreateFileMappingA
ExitProcess
ExitThread
Sleep
TerminateThread
OpenThread
GetCurrentThreadId
CloseHandle
CreateThread
CreateMutexA
OpenMutexA
GetSystemDirectoryA
lstrcmpA
lstrlenW
IsBadReadPtr
lstrcmpiA
GetTickCount
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
SystemTimeToFileTime
GetTimeZoneInformation
GetLastError
CreateRemoteThread

user32

GetDC
wsprintfA
CharLowerA

dnsapi

DnsQuery_A
DnsExtractRecordsFromMessage_W
DnsRecordListFree

gdiplus

GdipDeletePen
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipNewPrivateFontCollection
GdipPrivateAddMemoryFont
GdipDeleteFont
GdipLoadImageFromStream
GdipCreatePen1
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipFillRectangleI
GdipDrawString
GdipDrawImageI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipFree
GdipLoadImageFromStreamICM

gdi32

GetTextExtentPoint32A

ole32

CreateStreamOnHGlobal

shell32

ShellExecuteA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 21.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f5b4050c85dda9a2fb75cb998ff0f81

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

dnsapi

gdiplus

gdi32

ole32

shell32

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 21.2MB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 21.2MB

.rsrc
Size: 512B - Virtual size: 16B