4ba71bee7bb0648241c74b7df93c5b8c

Sharing

Copy URL Twitter E-mail

General

Target

4ba71bee7bb0648241c74b7df93c5b8c
Size

88KB
MD5

4ba71bee7bb0648241c74b7df93c5b8c
SHA1

0e14786063e0de268f2b8da597faab8d77c664b4
SHA256

57231718ef507886c346c2ba6c72eda2f48ff425cd4e645d075a334e95b77e1a
SHA512

c868ffa399c6bf3df6681ee1c4fa756bd34638a9dd35177922bffe7eea605b9ea7ebff507298123c38e98213938d463aa90042334c78d9f0b7d4e8d4de7f11a5
SSDEEP

1536:6ENIsyV/BSxFGNqyZBuKwLvQYHu5Tb8lgT4tEmdF/8dFhuNr0iV:xUExFJyZZCzHul8lWzQV8d+Nr0iV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ba71bee7bb0648241c74b7df93c5b8c

Files

4ba71bee7bb0648241c74b7df93c5b8c
.exe windows:4 windows x86 arch:x86

4f9749959bce49f7b344737737019cb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send
WSAStartup
closesocket
WSAGetLastError
WSACleanup
recv
select
gethostname
socket
bind
htons
ioctlsocket
gethostbyname
connect

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
CreateThread
DeleteFileA
CreateProcessA
CopyFileA
GetWindowsDirectoryA
Sleep
CloseHandle
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetStringTypeW
GetFileSize
CreateFileA
GetFileAttributesA
WriteFile
SetFilePointer
MultiByteToWideChar
GetEnvironmentVariableA
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetLastError
GetCPInfo
GetACP
SetEnvironmentVariableA
GetOEMCP
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
ReadFile
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

wsprintfA
TranslateMessage
GetMessageA
DispatchMessageA
CharUpperBuffA

ole32

CoInitialize
CoCreateInstance

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
RegEnumValueA
RegEnumKeyA
RegCloseKey

Sections

.avp
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f9749959bce49f7b344737737019cb4

Headers

File Characteristics

Imports

wsock32

kernel32

user32

ole32

advapi32

Sections

.avp Size: 64KB - Virtual size: 68KB

.avp Size: 16KB - Virtual size: 40KB

.avp Size: 6KB - Virtual size: 8KB

.avp
Size: 64KB - Virtual size: 68KB

.avp
Size: 16KB - Virtual size: 40KB

.avp
Size: 6KB - Virtual size: 8KB