b4ec2c6b2bc254571e87d8ea51856bbb1f65c066549747cb8a048deceb7c4011

Sharing

Copy URL Twitter E-mail

General

Target

b4ec2c6b2bc254571e87d8ea51856bbb1f65c066549747cb8a048deceb7c4011
Size

3.5MB
MD5

148393a3d7648826453dd43e819a6841
SHA1

d5907067ea5869f42bd600470d0640935d296e0d
SHA256

b4ec2c6b2bc254571e87d8ea51856bbb1f65c066549747cb8a048deceb7c4011
SHA512

42b5745f0021302a8b0916b9d9b2abf37c37628bd60d32fffdfd09e459e58dc8dcf97f6c5c4e274a85aa7665f642bc8c0b164a9034b630399616ff19be148a75
SSDEEP

49152:IZDjI4/1B3jMgPWW8k9g/J2oPEm4ZvEUGtmQsTI+7jx2GIs2PZB8wtvSSMXPapx/:I9z/1i/qxG3sssMmwtd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4ec2c6b2bc254571e87d8ea51856bbb1f65c066549747cb8a048deceb7c4011

Files

b4ec2c6b2bc254571e87d8ea51856bbb1f65c066549747cb8a048deceb7c4011
.exe windows:6 windows x86 arch:x86

627a6ca48b5b47180a369bc58a512df6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

shlwapi

AssocQueryStringW

ws2_32

WSASetEvent
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
gethostname
gethostbyname
send
recv
WSAAddressToStringW
WSAStringToAddressW
WSASocketW
WSASend
WSARecv
WSAIoctl
WSASocketA
WSASetLastError
shutdown
setsockopt
select
ntohl
listen
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
inet_ntop
inet_ntoa
WSACleanup
WSAStartup
WSAWaitForMultipleEvents
WSAStringToAddressA
ntohs
WSAGetLastError

advapi32

GetTokenInformation
OpenSCManagerA
OpenServiceA
RegGetValueW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
CloseServiceHandle
GetLengthSid
CopySid
OpenProcessToken
ReportEventA

kernel32

HeapAlloc
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFullPathNameA
GetDriveTypeW
GetProcessHeap
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ResumeThread
ExitThread
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
RtlUnwind
RaiseException
LoadLibraryW
HeapFree
HeapReAlloc
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
CreatePipe
ReadConsoleW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
CloseHandle
GetLastError
CreateMutexA
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
IsValidCodePage
Sleep
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
ReadFile
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
GetModuleFileNameW
MoveFileExA
GetNativeSystemInfo
GetSystemDefaultLangID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
WriteFile
PeekNamedPipe
CreateProcessW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetSystemDirectoryW
CreateNamedPipeA
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseMutex
SleepEx
CreateMutexW
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
CreateWaitableTimerA
VerifyVersionInfoA
OpenProcess
GetStdHandle
GetFileType
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SystemTimeToFileTime
OutputDebugStringA
GetCurrentThread
GetCurrentDirectoryA
SwitchToThread
LockFileEx
UnlockFile
SetHandleInformation
CopyFileA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
AllocConsole
GetConsoleMode
WriteConsoleA
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetOEMCP
SetEnvironmentVariableA
WriteConsoleW
HeapSize
FindFirstFileA
FormatMessageA
TryEnterCriticalSection
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceFrequency
GetStringTypeW
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileW
MoveFileExW
AreFileApisANSI
LocalFree
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeExW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
SetProcessAffinityMask
ReleaseSemaphore
RtlCaptureStackBackTrace

user32

GetUserObjectInformationW
GetDC
LoadStringW
LoadStringA
ReleaseDC
GetProcessWindowStation
MessageBoxA

gdi32

GetDIBits
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps
GetObjectA

Exports

Exports

get_logger_instance

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

627a6ca48b5b47180a369bc58a512df6

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

shlwapi

ws2_32

advapi32

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 585KB - Virtual size: 585KB

.data Size: 73KB - Virtual size: 92KB

.tls Size: 512B - Virtual size: 17B

.gfids Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 130KB - Virtual size: 129KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 585KB - Virtual size: 585KB

.data
Size: 73KB - Virtual size: 92KB

.tls
Size: 512B - Virtual size: 17B

.gfids
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 130KB - Virtual size: 129KB