Static task: static1
Behavioral task: behavioral1
Sample: KoinoFTClient.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: KoinoFTClient.exe
Resource: win10v2004-20231215-en
General
Target: 4dabafdd0f8e70cb3eb1dfc2ee4fad70
Size: 196KB
MD5: 4dabafdd0f8e70cb3eb1dfc2ee4fad70
SHA1: c059508989e1f0e9b48678aff5bf0f9552c8a734
SHA256: 1c5d7d3c2598f6df23b81ae83d3055355cf9bc28c5757f87a8807fa2a94d518f
SHA512: fe366b2e4b8af0b40cf063f38c60a9da5d32df241fae05b41292346fcca2d82b72ff94be4bcc4a42f418d7370dc62d46b8a4932b5feb1215cb5ed6585ba1ba39
SSDEEP: 6144:VE/Xql79EmY3saQV5DjMf2fW55JXgXAmhekFT:i+9esaQV5vW5Pm0kp
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/KoinoFTClient.exe
Files
4dabafdd0f8e70cb3eb1dfc2ee4fad70.zip
KoinoFTClient.exe.exe windows:4 windows x86 arch:x86
482344afcce9eb62ba8a04788ab174ad
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
setsockopt
WSACleanup
WSAStartup
shutdown
recv
send
accept
ioctlsocket
getpeername
select
__WSAFDIsSet
listen
bind
htonl
htons
socket
closesocket
WSASetLastError
WSAGetLastError
gethostbyname
getservbyname
gethostbyaddr
ntohs
getservbyport
connect
gethostname
inet_ntoa
WSAIoctl
inet_addr
kernel32
CloseHandle
WriteFile
GetStdHandle
OutputDebugStringA
WriteConsoleA
GetVersionExA
GetLastError
CreateMutexA
LoadLibraryA
DeleteFileA
CreateThread
SetCurrentDirectoryA
Sleep
ReadFile
GetFileSize
FindClose
CreateDirectoryA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
GetDriveTypeA
MoveFileA
CreateFileA
SetFilePointer
SetEndOfFile
AllocConsole
TerminateThread
InterlockedExchange
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenA
FreeLibrary
GetProcAddress
GetSystemDirectoryA
lstrcpyA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
SetEnvironmentVariableA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
HeapDestroy
user32
MessageBoxA
LoadStringA
LoadIconA
shell32
SHGetFileInfoA
SHFileOperationA
advapi32
RegOpenKeyExA
CryptGenRandom
CryptReleaseContext
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptAcquireContextA
RegCloseKey
Sections
.text Size: 340KB - Virtual size: 337KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ