57a9da362435e2e89bb2abbec94fe174

General

Target

57a9da362435e2e89bb2abbec94fe174
Size

94KB
MD5

57a9da362435e2e89bb2abbec94fe174
SHA1

e7b58f79a498c81430ba82683670a6b54f541b86
SHA256

e6ace671e007e23e4c5b4c14e4de8b474940686794d8095ee1da2d19834e4bc4
SHA512

84c01c00badbb5bd3139883ad260848c9b74a654ede818719510f698064bce41c3eccfd9c956148637b1652eb4bd1de7bb57033e01286f1a21fea7e24e904324
SSDEEP

384:W83+0tBfCEjAP9ZHYoGfKZBNSzB0hhoOBBnz2c5vxcywtxtsGlTTFfP:/3f8lNYRKTIBm7Lni2JUxtsGlTTFfP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57a9da362435e2e89bb2abbec94fe174

Files

57a9da362435e2e89bb2abbec94fe174
.exe .vbs windows:4 windows x86 arch:x86 polyglot

7521c947c83f9c317f5a7d9c476dd774

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
ExitWindowsEx
GetAsyncKeyState
GetDC
GetSystemMetrics
ReleaseDC

wsock32

inet_ntoa
WSAStartup
WSACleanup
closesocket
htons
listen
socket
accept
bind
send
recv

kernel32

GetSystemDirectoryA
Process32First
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetLastError
GetLocalTime
GetPriorityClass
lstrlenA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LocalFree
LocalLock
MoveFileA
OpenProcess
TerminateProcess
Process32Next
ReadFile
RemoveDirectoryA
SetCurrentDirectoryA
Sleep
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA

gdi32

GetDIBits
SelectObject
GetDeviceCaps
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7521c947c83f9c317f5a7d9c476dd774

Headers

File Characteristics

Imports

user32

wsock32

kernel32

gdi32

advapi32

shell32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 512B - Virtual size: 16B