27e358cbd190547cd1b6c957bda4e253

Sharing

Copy URL Twitter E-mail

General

Target

27e358cbd190547cd1b6c957bda4e253
Size

67KB
MD5

27e358cbd190547cd1b6c957bda4e253
SHA1

c8905bdac736be1cf12e4b4c0c8e73a30736e767
SHA256

39be8d114c378f622bfec574e211efcf6e8225edfd14a7d7177abc306dfb6d9d
SHA512

ebbe7bd5849170a9dfecd7f31c16e75841eec3d800998a9b83fe28dc58a7a50e2d357daddabccb9bb39436e8854028e96d2f9784aadd0bf971c85b16f5fa6025
SSDEEP

1536:tJp5gYTihaMBOIw/lUl0UPYYAPYY2N7H9sYp5yHTztac3UDSXdyn0:tJp5gYTs2a0UPnAPn2N7ppOXMc3q0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e358cbd190547cd1b6c957bda4e253

Files

27e358cbd190547cd1b6c957bda4e253
.exe windows:1 windows x86 arch:x86

d05ef1966d5bc880891f20ba0f10935a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetConnectA
InternetGetConnectedStateEx
InternetOpenA
InternetOpenUrlA
InternetReadFile
FtpGetFileA

iphlpapi

GetNetworkParams
GetTcpTable

kernel32

DeleteFileA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetBinaryTypeA
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
CloseHandle
GetTickCount
GetTimeFormatA
GetVersionExA
GetWindowsDirectoryA
GlobalLock
GlobalMemoryStatus
GlobalUnlock
LoadLibraryA
CopyFileA
MapViewOfFile
OpenProcess
PeekNamedPipe
ReadFile
ReleaseMutex
ResumeThread
RtlUnwind
RtlZeroMemory
SetConsoleCtrlHandler
SetCurrentDirectoryA
CreateFileA
SetErrorMode
SetFileAttributesA
CreateFileMappingA
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TerminateThread
UnmapViewOfFile
WaitForSingleObject
WriteFile
CreateMutexA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CreatePipe
CreateProcessA
CreateThread

user32

GetWindowTextA
GetWindowTextLengthA
FindWindowA
IsWindowVisible
OpenClipboard
CloseClipboard
GetClassNameA
GetClipboardData
GetForegroundWindow
GetKeyState
GetAsyncKeyState
VkKeyScanA
PeekMessageA
ExitWindowsEx
wsprintfA
CharUpperBuffA
SendMessageA
keybd_event
EnumWindows

advapi32

GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

ws2_32

ntohs
WSACleanup
listen
ioctlsocket
inet_ntoa
inet_addr
htons
htonl
getsockname
socket
gethostbyname
gethostbyaddr
connect
closesocket
bind
accept
__WSAFDIsSet
sendto
WSAStartup
send
select
WSAIoctl
WSAGetLastError
recv

crtdll

__GetMainArgs
_snprintf
_splitpath
_strdup
_vsnprintf
atoi
atol
exit
fclose
fopen
free
getc
malloc
memset
putc
raise
rand
signal
srand
strcat
strchr
strcmp
strncat
strncpy
strpbrk
strstr
strtok
time

Sections

.avc
Size: 49KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d05ef1966d5bc880891f20ba0f10935a

Headers

File Characteristics

Imports

shell32

wininet

iphlpapi

kernel32

user32

advapi32

ws2_32

crtdll

Sections

.avc Size: 49KB - Virtual size: 72KB

.avc Size: 4KB - Virtual size: 8KB

.avc Size: 13KB - Virtual size: 16KB

.avc
Size: 49KB - Virtual size: 72KB

.avc
Size: 4KB - Virtual size: 8KB

.avc
Size: 13KB - Virtual size: 16KB