45b4bd218f014be664c2c1fc65aa44cd

Sharing

Copy URL Twitter E-mail

General

Target

45b4bd218f014be664c2c1fc65aa44cd
Size

399KB
MD5

45b4bd218f014be664c2c1fc65aa44cd
SHA1

a1871cf2c19ffee58626684d15ea70823293a776
SHA256

9e4966e6bb9e4144cc2510db629569dc1001660b804edf842058946c0325b912
SHA512

ef17b6c0bfd5161d4feeaab9ddc52014b431f3de9a61539727cfc63bf2fe005b367c2602171d67688cbdd368b200bb2f017181359c7dd0f6f3bac2e8796c6ead
SSDEEP

6144:888q4WVxZ886dXn/xkD1w6IZmRdR03+c/+Hm8R:VHkVxk9Ix3+c/ta

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45b4bd218f014be664c2c1fc65aa44cd

Files

45b4bd218f014be664c2c1fc65aa44cd
.exe windows:1 windows x86 arch:x86

2b31437081be07ed3086ad55af369856

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTickCount
GlobalMemoryStatus
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenProcess
CreateEventA
Process32First
Process32Next
CreateFileA
CreateFileMappingA
ReadProcessMemory
RtlUnwind
RtlZeroMemory
SetConsoleCtrlHandler
SetEvent
SetFilePointer
Sleep
UnmapViewOfFile
VirtualProtectEx
VirtualQueryEx
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
CloseServiceHandle
CreateServiceA

crtdll

__GetMainArgs
_snprintf
_strcmpi
_stricmp
_strnicmp
_wcsicmp

gdi32

GetStockObject

msvcrt

_snprintf
atoi
exit
free
malloc
mbstowcs
memcpy
memset
printf
raise
signal
sprintf
sscanf
strcat
strcmp
strcpy
strlen
strncpy
strstr
strtok
wcslen
_beginthreadex

shlwapi

SHDeleteKeyA

user32

LoadCursorA
LoadIconA
SetTimer
KillTimer
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
ExitWindowsEx
PostMessageA
CreateWindowExA
DefWindowProcA

ws2_32

htons
ioctlsocket
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
select
send
setsockopt
socket
gethostbyname
bind
gethostname
WSAAsyncSelect
closesocket
WSAGetLastError
WSAStartup
WSACleanup
__WSAFDIsSet
connect
WSAAccept
getpeername
WSARecv
getsockname
WSARecvFrom
WSASend
WSASendTo
WSASocketA
htonl

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rebld_i
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b31437081be07ed3086ad55af369856

Headers

File Characteristics

Imports

kernel32

advapi32

crtdll

gdi32

msvcrt

shlwapi

user32

ws2_32

Sections

.text Size: 220KB - Virtual size: 220KB

.bss Size: - Virtual size: 1KB

.rdata Size: 88B - Virtual size: 88B

.data Size: 169KB - Virtual size: 169KB

.idata Size: 4KB - Virtual size: 4KB

.rebld_i Size: 2KB - Virtual size: 2KB

.text
Size: 220KB - Virtual size: 220KB

.bss
Size: - Virtual size: 1KB

.rdata
Size: 88B - Virtual size: 88B

.data
Size: 169KB - Virtual size: 169KB

.idata
Size: 4KB - Virtual size: 4KB

.rebld_i
Size: 2KB - Virtual size: 2KB