40ff582a0ab6fb20ca729541c36979d7

Sharing

Copy URL Twitter E-mail

General

Target

40ff582a0ab6fb20ca729541c36979d7
Size

1.2MB
MD5

40ff582a0ab6fb20ca729541c36979d7
SHA1

cc63b1426c0f37ce089499744f478ad8adbe4ba8
SHA256

669aa487e8bebd0def38d982c2f9898fde07e125a7e1f2d2cd4783a975290ec9
SHA512

85adba6e54b5101ad4a79dc848479edb828ff2a777e8d392165787ba321595d573a2cc5d6efaa5efbcae1b9353e5a913faf1ae6675e71185c396adedda92c222
SSDEEP

24576:K2L5priaypoRgoutaN2p1apXzPjUxANhO74:KGpGbiWxaNeapDP6ANhe4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40ff582a0ab6fb20ca729541c36979d7

Files

40ff582a0ab6fb20ca729541c36979d7
.exe windows:4 windows x86 arch:x86

6ba4237b647660af7679e91af919547c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

select
__WSAFDIsSet
shutdown
send
sendto
ioctlsocket
WSAStartup
WSACleanup
inet_addr
gethostname
recvfrom
gethostbyaddr
accept
listen
WSASetLastError
getprotobyname
setsockopt
htons
bind
getsockname
ntohs
socket
connect
getsockopt
inet_ntoa
WSAGetLastError
closesocket
recv
gethostbyname

winmm

timeGetTime

gdi32

CreateDCA
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
BitBlt
SelectObject
GetObjectA
DeleteDC
GetBitmapBits
DeleteObject

advapi32

RegOpenKeyExA
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
CreateServiceA
OpenSCManagerA
RegisterEventSourceA
ReportEventA
QueryServiceConfigA
ChangeServiceConfigA
DeregisterEventSource
RegCreateKeyExA
RegSetValueExA
StartServiceA
RegCloseKey
RegQueryValueExA
GetSecurityDescriptorGroup
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CloseServiceHandle
OpenServiceA
DeleteService
QueryServiceStatus
ControlService
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenThreadToken

iphlpapi

GetIpAddrTable

msvcrt

__setusermatherr
__p__commode
__p__fmode
_initterm
_adjust_fdiv
gmtime
_controlfp
__dllonexit
_onexit
_XcptFilter
__getmainargs
__p___initenv
_get_osfhandle
_exit
_mbschr
perror
mblen
_mbsrchr
_setmode
_mbsinc
ftell
wcsstr
strcmp
_vsnprintf
rand
qsort
srand
_lseeki64
_stati64
_fstati64
__set_app_type
_beginthreadex
_sys_nerr
_getch
fputc
strtol
fputs
memchr
fseek
memmove
strchr
atoi
strtoul
_iob
calloc
system
_ftol
signal
setlocale
getenv
exit
vfprintf
strrchr
fread
_mkdir
localtime
time
strftime
_unlink
fwrite
fflush
_errno
strerror
_locking
strstr
strncpy
fgets
mktime
_heapchk
abort
tolower
toupper
realloc
free
_isctype
__mb_cur_max
_pctype
sscanf
strncmp
_getcwd
sprintf
malloc
fopen
printf
fclose
getc
putc
_except_handler3
fprintf
_read
_strupr
_write
_lseek
_putenv
_tzset
_isatty
_chmod
_strdup
_close
_open
_strnicmp
_stricmp
_getpid
_stat
_fileno

kernel32

SetCurrentDirectoryA
SetEvent
InterlockedExchange
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
lstrcpynA
GetConsoleMode
SetConsoleMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileAttributesA
GetConsoleScreenBufferInfo
GetLocaleInfoA
GetDriveTypeA
SetVolumeLabelA
GetFullPathNameA
GetVolumeInformationA
SystemTimeToFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesA
SetFileTime
SetFilePointer
SetEndOfFile
GetCurrentThreadId
GetVersion
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcessId
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
FreeLibrary
LoadLibraryA
DuplicateHandle
WaitForMultipleObjects
TerminateThread
GetExitCodeThread
SleepEx
LocalAlloc
lstrlenA
OpenProcess
SetLastError
GetCurrentThread
TerminateProcess
GetLocalTime
CreateFileA
CreateProcessA
GetVersionExA
ReleaseMutex
CreateMutexA
SetPriorityClass
CloseHandle
CreateThread
CreateEventA
GetModuleFileNameA
SetErrorMode
WaitForSingleObject
MoveFileA
GetProcessHeap
CopyFileA
HeapFree
LocalFree
HeapAlloc
FindNextFileA
FindClose
FindFirstFileA
RemoveDirectoryA
GetModuleHandleA
GetTickCount
GetCurrentProcess
GetLastError
GetProcAddress
Sleep
FlushConsoleInputBuffer
FormatMessageA

user32

GetDesktopWindow
MessageBoxA
OemToCharA
GetUserObjectInformationW
GetProcessWindowStation
CharToOemA

Sections

.text
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 104KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ba4237b647660af7679e91af919547c

Headers

File Characteristics

Imports

wsock32

winmm

gdi32

advapi32

iphlpapi

msvcrt

kernel32

user32

Sections

.text Size: 840KB - Virtual size: 839KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 104KB - Virtual size: 182KB

.trdata Size: 76KB - Virtual size: 76KB

.text
Size: 840KB - Virtual size: 839KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 104KB - Virtual size: 182KB

.trdata
Size: 76KB - Virtual size: 76KB