47aeb6bd5399454b7392fc28b193b882

General

Target

47aeb6bd5399454b7392fc28b193b882
Size

36KB
MD5

47aeb6bd5399454b7392fc28b193b882
SHA1

696d1a75973cdff79451ade0f11a7ce479eb7169
SHA256

f4fdb4d92e2cb54fe08c9426465edbabb19e31bd496858df2de9d2a09020e063
SHA512

d6315dc48a26923fb334a74966142d94b6344db365027b988c7753506477581bbd4efb4e0cbf4487fd57ba5af9158597d39cc0f206621a16f0ea5472edb48a31
SSDEEP

768:LhVuT2H1Wczf1jbEu+jWdzwQ42Efm0Kc7B+SsG:Lc2H11f1jz+jW1wQ4v+0K2+SF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47aeb6bd5399454b7392fc28b193b882

Files

47aeb6bd5399454b7392fc28b193b882
.exe windows:5 windows x86 arch:x86

950161e1a0c99ba87020ef4293a2329a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlDosPathNameToNtPathName_U
ZwDuplicateObject
RtlCreateUserThread
RtlExitUserThread
ZwGetContextThread
ZwWaitForSingleObject
ZwDelayExecution
ZwOpenProcessToken
ZwSetContextThread
ZwResumeThread
RtlFreeUnicodeString
ZwOpenProcess
ZwCreateKey
RtlIpv4AddressToStringA
sprintf
ZwQuerySystemInformation
LdrFindEntryForAddress
wcsrchr
ZwQueryValueKey
ZwSetSecurityObject
ZwOpenKey
ZwSetInformationFile
RtlInitUnicodeString
ZwOpenFile
ZwClose
ZwCreateFile
LdrAccessResource
ZwQueryDirectoryFile
ZwSetValueKey
RtlGetFullPathName_U
swprintf
RtlGetCurrentPeb
RtlAdjustPrivilege
ZwQueryInformationToken
LdrFindResource_U
ZwWriteVirtualMemory
ZwWriteFile
memcpy

kernel32

GetSystemTimeAsFileTime
ExitProcess
GetTickCount

advapi32

OpenServiceW
CreateServiceW
DeleteService
ControlService
OpenSCManagerW
CloseServiceHandle
StartServiceW

ws2_32

WSAStartup
send
closesocket
WSASocketW
connect
WSACleanup

dnsapi

DnsQuery_A
DnsFree

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

950161e1a0c99ba87020ef4293a2329a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

dnsapi

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 205B

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 205B

.rsrc
Size: 28KB - Virtual size: 27KB