d3a0975732deb2b3c5cad9fcc081bc1aac00f3237d8bb405a1f7fa4a8e60ae85

Sharing

Copy URL Twitter E-mail

General

Target

d3a0975732deb2b3c5cad9fcc081bc1aac00f3237d8bb405a1f7fa4a8e60ae85
Size

1.8MB
MD5

159cb0f953aabae347925fd29e0504f8
SHA1

c6873de48373d336e013d6f62ac6a804cbae8178
SHA256

d3a0975732deb2b3c5cad9fcc081bc1aac00f3237d8bb405a1f7fa4a8e60ae85
SHA512

68f66080fabed5dfe80179a658823115060f1778e337c02908f4a5e449f54815929c2b01e372a2eb142016e92f35981155aa3b6eb3af2e490cda779ea02f8a81
SSDEEP

49152:w23i5w2668EDFtqipkzaQL0aRmFaPTT9Zdx8a:w2Se26cZ8iWzaQLvR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3a0975732deb2b3c5cad9fcc081bc1aac00f3237d8bb405a1f7fa4a8e60ae85

Files

d3a0975732deb2b3c5cad9fcc081bc1aac00f3237d8bb405a1f7fa4a8e60ae85
.exe windows:5 windows x86 arch:x86

f3bcb7f603d818bf8ed6b265338190bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
gethostbyname
getservbyname
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord33
ord46
ord211
ord60
ord50
ord301
ord200
ord30
ord79
ord35
ord143
ord32
ord27
ord26
ord22
ord41

shlwapi

PathIsDirectoryA
StrToIntA
PathRemoveFileSpecA
PathAddBackslashA
PathFileExistsA

kernel32

GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
FindFirstFileExW
LoadLibraryExW
RtlUnwind
RaiseException
GetModuleFileNameA
DeleteFileA
Process32First
FindFirstFileA
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
TerminateProcess
FindNextFileA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindClose
CreateMutexA
WaitForSingleObject
GetFileAttributesW
GetCurrentDirectoryA
GetModuleHandleA
OpenProcess
SetCurrentDirectoryA
GetCommandLineA
CreateToolhelp32Snapshot
MultiByteToWideChar
GetTempPathA
GetLastError
GetFileAttributesA
OutputDebugStringW
MoveFileExA
Process32Next
CloseHandle
WritePrivateProfileStringA
GetProcAddress
RemoveDirectoryA
DeleteCriticalSection
CreateProcessW
WideCharToMultiByte
lstrcmpiA
CreateProcessA
CreateDirectoryA
ReadConsoleW
SetErrorMode
GetUserDefaultLCID
Sleep
CopyFileA
GetWindowsDirectoryA
GetCurrentProcessId
GetExitCodeProcess
ExitThread
TerminateThread
CreateThread
GetThreadContext
SetThreadContext
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
DecodePointer
EncodePointer
GetConsoleCP
GetPrivateProfileStringA
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
SetEnvironmentVariableA
lstrlenA
HeapSize
FindNextFileW

user32

DispatchMessageA
GetWindowRect
ShowWindow
SetTimer
GetMessageA
CreateWindowExA
GetProcessWindowStation
SendMessageA
PostQuitMessage
RegisterClassExA
UpdateWindow
BeginPaint
EndPaint
RegisterClassExW
LoadIconA
GetSystemMetrics
GetUserObjectInformationW
MessageBoxA
TranslateMessage
DefWindowProcA

advapi32

AllocateAndInitializeSid
ReportEventA
RegisterEventSourceA
DeregisterEventSource
AdjustTokenPrivileges
RegOpenKeyExA
LookupPrivilegeValueA
OpenProcessToken
FreeSid
CheckTokenMembership
RegCloseKey
RegQueryValueExA

shell32

SHCreateDirectoryExA
SHFileOperationA
ShellExecuteExA
CommandLineToArgvW

psapi

GetModuleFileNameExA
EnumProcessModules

comctl32

ord17

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3bcb7f603d818bf8ed6b265338190bd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

kernel32

user32

advapi32

shell32

psapi

comctl32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 360KB - Virtual size: 359KB

.data Size: 39KB - Virtual size: 55KB

.gfids Size: 1024B - Virtual size: 660B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 360KB - Virtual size: 359KB

.data
Size: 39KB - Virtual size: 55KB

.gfids
Size: 1024B - Virtual size: 660B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 61KB - Virtual size: 60KB