396300f80d3890d27edb20808196dda2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

396300f80d3890d27edb20808196dda2
Size

32KB
MD5

396300f80d3890d27edb20808196dda2
SHA1

bb187e8d3b644d11919b9450a5722db8824c2499
SHA256

363661a9218031dea0d2ff2ae2d18a779c98ced65ed3de80bc53a4a92eb1d187
SHA512

2e6829acdbfa95bcfa0e642f103d16feb3400209bde533cc3d623bd27bb42123f21673702208ef6a95b390bf5cc2c78db80deafd2eb3591cb80348dbc684de50
SSDEEP

384:xWz43CRYRQrg6xapVKX7/LGNKwTwVw0xf5YJDlz/38TRtnw6gP1DKhVvl7JXeqY2:wlYuB6CTf5Y9lzkTE6gxm/7JOqYL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
396300f80d3890d27edb20808196dda2

Files

396300f80d3890d27edb20808196dda2
.exe windows:4 windows x86 arch:x86

a3dde888d0cffea6db942a0565e93627

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlRandom
strncpy
atoi
strchr
strstr
_itoa
strncat
sprintf
_stricmp
memset
_chkstk
memcpy
RtlUnwind
NtQueryVirtualMemory

ws2_32

ioctlsocket
gethostname
inet_addr
WSAGetLastError
htons
ntohs
setsockopt
sendto

dnsapi

DnsRecordListFree
DnsQuery_A

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetConnectA
HttpQueryInfoA

kernel32

CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetSystemTime
GetLocalTime
VirtualAlloc
GetProcAddress
GetLastError
SetCurrentDirectoryA
ExitThread
GetTimeZoneInformation
DeleteFileA
LoadLibraryA
ReadFile
Sleep
TerminateThread
GetCommandLineA
WriteFile
ExpandEnvironmentStringsA
GetProcessHeap
VirtualFree
GetTickCount
HeapFree
ExitProcess
CreateFileA
GetFileSize
SetFilePointer
SystemTimeToFileTime
HeapAlloc
lstrcpynA

advapi32

ControlService
OpenSCManagerA
OpenServiceW
CloseServiceHandle

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE