57dd7a992de74d368ca27dc8d616bccc

Sharing

Copy URL Twitter E-mail

General

Target

57dd7a992de74d368ca27dc8d616bccc
Size

132KB
MD5

57dd7a992de74d368ca27dc8d616bccc
SHA1

f5404f3d31f10bf331ced6959e2bf3772c3ae94d
SHA256

763d4f9142595d04319ef2cafe56e8ad5903401f00afe16797ce99c90db3f0a6
SHA512

8bc499e69cfea776b66fc7cf4f75bc7f5a6f57363082d5f9560ab019e1c6e9af2a33d9de3c46d56a79aff3c0774da5fbddafc9f8e3045bda0121fb5f1e90d26d
SSDEEP

3072:wz45dXom5xotnyJsfG0ejBQhCJLbMeIXslPPHTtnY:Lom5xonZ/ApbMAp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57dd7a992de74d368ca27dc8d616bccc

Files

57dd7a992de74d368ca27dc8d616bccc
.exe windows:4 windows x86 arch:x86

801d89972af494f58481997d169dc57b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
htonl
send
setsockopt
getservbyport
recv
WSAGetLastError
getservbyname
WSASetLastError
ntohs
connect
gethostbyaddr
inet_addr
inet_ntoa
WSAStartup
WSACleanup
shutdown
WSARecv
WSASocketW
WSASend
WSAConnect
closesocket
sendto
htons
socket

powrprof

CallNtPowerInformation

kernel32

SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
WideCharToMultiByte
CreateFileA
GetFileSize
CreateMutexW
ReadFile
ReleaseMutex
CreateFileW
WriteFile
CloseHandle
MultiByteToWideChar
DeleteFileW
GetLocalTime
SetFilePointer
ResetEvent
CreateEventW
SetEvent
GetSystemInfo
GlobalMemoryStatus
GetTickCount
GetProcAddress
Sleep
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WaitForSingleObject
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings

advapi32

OpenSCManagerW
CloseServiceHandle
StartServiceW
ControlService
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

801d89972af494f58481997d169dc57b

Headers

File Characteristics

Imports

iphlpapi

ws2_32

powrprof

kernel32

advapi32

shell32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 34KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 34KB

.rsrc
Size: 24KB - Virtual size: 24KB