Static task
static1
Behavioral task
behavioral1
Sample
3762e243aad6b1b0caef488d8c1e4280.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3762e243aad6b1b0caef488d8c1e4280.exe
Resource
win10v2004-20231215-en
General
-
Target
3762e243aad6b1b0caef488d8c1e4280
-
Size
588KB
-
MD5
3762e243aad6b1b0caef488d8c1e4280
-
SHA1
c9bd57a42f189a0499cbac6afbc63345b79d88db
-
SHA256
cdfa2bd64f23dee0e5734c90d7be91031d419b7dbac6e7eaa482db8fb561ebb2
-
SHA512
99452a259673a15a7f6b40abf485146d79656541fbf82638d13d3f6b58c9805d9203abeda9803b820289e638f017daf4ad51b3a607823d7859d376daff1759ab
-
SSDEEP
12288:yiXNgcf8oK/BXigRt9kwccUfRXPcQPMBopNiJVx4w:ygbUoK/BigRt9kw8fIBopNiJVx
Malware Config
Signatures
-
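Unsigned PE (1 IoC)
Static check: the file carries no Authenticode signature. On its own this is a weak indicator, since many benign executables are also unsigned.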
resource 3762e243aad6b1b0caef488d8c1e4280
Files
-
3762e243aad6b1b0caef488d8c1e4280.exe windows:4 windows x86 arch:x86
7b6c47e88721ff2887acb685576c370d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAIoctl
WSASocketA
select
gethostname
shutdown
WSASetLastError
ioctlsocket
__WSAFDIsSet
getservbyname
setsockopt
htonl
sendto
bind
listen
accept
getpeername
recv
WSAGetLastError
WSAStartup
WSACleanup
send
closesocket
socket
htons
connect
getsockname
inet_addr
gethostbyaddr
gethostbyname
inet_ntoa
mpr
WNetCancelConnection2W
WNetAddConnection2W
WNetCancelConnection2A
WNetAddConnection2A
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameA
kernel32
DebugBreak
IsDebuggerPresent
lstrlenA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
WideCharToMultiByte
TransactNamedPipe
VirtualQuery
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException
GetTickCount
CreateProcessA
ExpandEnvironmentStringsA
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
Sleep
GetStdHandle
AllocConsole
FreeConsole
OutputDebugStringA
WriteFile
GetProcAddress
LoadLibraryA
GetModuleHandleA
FreeLibrary
CloseHandle
GetModuleFileNameA
CopyFileA
GetSystemDirectoryA
DeleteFileA
CreateFileA
GetTempPathA
GetLastError
MultiByteToWideChar
LockResource
SizeofResource
LoadResource
FindResourceA
TerminateProcess
OpenProcess
InterlockedDecrement
ReadFile
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
EnterCriticalSection
GetThreadPriority
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
CreateEventA
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
GetProcessAffinityMask
SetThreadPriority
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
GetExitCodeThread
TlsAlloc
TlsFree
SetLastError
TlsGetValue
LocalFree
FormatMessageA
ResetEvent
user32
wsprintfA
ExitWindowsEx
advapi32
CloseServiceHandle
ChangeServiceConfig2A
RegDeleteValueA
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
DeleteService
OpenSCManagerA
CreateServiceA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCreateKeyExA
ControlService
shell32
ShellExecuteA
msvcp80d
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
??1_Container_base@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Container_base@std@@QAE@XZ
?_Orphan_all@_Container_base@std@@QBEXXZ
??0_Lockit@std@@QAE@H@Z
msvcr80d
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
_ismbblead
_acmdln
_CrtSetCheckCount
_initterm
__p__fmode
__p__commode
_initterm_e
_memccpy
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_controlfp_s
_invoke_watson
_stricmp
_strdup
__set_app_type
__CxxFrameHandler3
_purecall
atoi
system
strlen
strcpy
memset
free
fclose
strtok
fgets
fopen
malloc
strstr
??3@YAXPAX@Z
strncpy
strcmp
_CxxThrowException
_invalid_parameter
_CrtDbgReportW
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memmove_s
fprintf
vsprintf
strcat
_vsnprintf
strchr
memcpy
atof
strncmp
exit
srand
rand
wcscat
fputc
ferror
fread
ftell
fseek
fwrite
memcmp
fflush
__iob_func
calloc
isdigit
perror
strerror
_errno
sprintf
sscanf
printf
_beginthreadex
_endthreadex
_ftime64
_setjmp3
longjmp
wcscpy
_CRT_RTC_INITW
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_configthreadlocale
__setusermatherr
_adjust_fdiv
netapi32
NetScheduleJobAdd
NetUseDel
NetRemoteTOD
NetApiBufferFree
NetShareEnum
NetUserEnum
NetUseAdd
Sections
.textbss Size: - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 448KB - Virtual size: 444KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.stub Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ