3e0c79ee4483629471cb7489e16e68e6

Sharing

Copy URL Twitter E-mail

General

Target

3e0c79ee4483629471cb7489e16e68e6
Size

92KB
MD5

3e0c79ee4483629471cb7489e16e68e6
SHA1

036c07a3f0c606e93e1864a42548756dd80a1e2e
SHA256

77ec3fed19d5d9e1f1b81e20b1038c2cb353095c762ea29b3ed3c1d7751245a8
SHA512

613a3a02c9018076bd8fa6e2b9707e4182f453dde9524f526dd2a9316fc74c68dc8010f82eb6892482361ea3b8f2e448f65b8b44e3b371f5dc94f368451a3f69
SSDEEP

1536:/lPXgZLsJkfuYmUWqh2BnBs0rh/jgyf32ROQr0g4o4xQ:9/ghsVYmUWqh25BsShss+Ig4o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e0c79ee4483629471cb7489e16e68e6

Files

3e0c79ee4483629471cb7489e16e68e6
.exe windows:4 windows x86 arch:x86

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
htons
ioctlsocket
connect
closesocket
send
recv
gethostbyname
WSAStartup

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
ShowWindow
CreateWindowExA
GetWindow
GetWindowTextLengthA
GetWindowTextA
SetTimer
DefWindowProcA
RegisterClassA
DestroyWindow
GetAsyncKeyState
KillTimer
FindWindowA
PostQuitMessage

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetServiceDisplayNameA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle

msvcrt

__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
realloc
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??2@YAPAXI@Z
atoi
memcpy
free
strrchr
strchr
strncpy
rand
_beginthread
__CxxFrameHandler
time
malloc
exit
strcpy
sprintf
strcat
memmove
strlen
abs
memset
_except_handler3
strstr
__setusermatherr
_strnicmp
_strlwr
_stricmp
_ltoa
_strrev

msvcirt

??0ifstream@@QAE@PBDHH@Z
??7ios@@QBEHXZ
??_Difstream@@QAEXXZ
?eof@ios@@QBEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
?close@ifstream@@QAEXXZ
?openprot@filebuf@@2HB
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??_Dofstream@@QAEXXZ
?close@ofstream@@QAEXXZ

kernel32

SetErrorMode
lstrcmpiA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetEnvironmentVariableA
FindNextFileA
FindFirstFileA
GetComputerNameA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindClose
lstrlenA
lstrcatA
GetSystemInfo
lstrcpyA
GetWindowsDirectoryA
SearchPathA
GetLocalTime
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
Sleep
DeleteFileA
WriteFile
GetVersionExA
MoveFileA
GetFileTime
FileTimeToSystemTime
GetSystemTime
SetFilePointer
CreateFileA
ReadFile
CloseHandle
GetLastError

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

Imports

wsock32

user32

advapi32

msvcrt

msvcirt

kernel32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 136KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 928B