f031c266a778384b94fbd22e0b14c8326d385171c2ede6d3786f5562d6d207c7

General

Target

f031c266a778384b94fbd22e0b14c8326d385171c2ede6d3786f5562d6d207c7
Size

95KB
MD5

aff4822bd4b5785841d357d5fc665a03
SHA1

2e300139e752bc2df9e6ce03271e2e9492198914
SHA256

f031c266a778384b94fbd22e0b14c8326d385171c2ede6d3786f5562d6d207c7
SHA512

00547e65ed14bcf86296fd9bdaadb96c58ef7740ce3d3dc5bb8ced27b51f4f391d79093ac1ec401e05a8efdee50c417e5bee6c6b98a4dbaa854f0f13a2ac5014
SSDEEP

1536:3YXjPr0TrD53ZticuB6nefmh/2TEv0Orar2bAZrm/6Q/dF:3YXUTH53ZtuB1fmh/QEvnrEsSQ/z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f031c266a778384b94fbd22e0b14c8326d385171c2ede6d3786f5562d6d207c7

Files

f031c266a778384b94fbd22e0b14c8326d385171c2ede6d3786f5562d6d207c7
.exe windows:4 windows x64 arch:x64

09ec7235f98f07f5c19e1355f1fea3ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

printf
memset
malloc
strcmp
wcsstr
memmove
strlen
sprintf
strstr
_strdup
_controlfp
__set_app_type
__argc
__argv
_environ
__getmainargs
exit

kernel32

VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
VirtualFreeEx
CreateRemoteThread
CreateFileA
CreateFileMappingA
MapViewOfFile
ReadProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentProcess
IsProcessorFeaturePresent
GetSystemInfo
lstrlenA
CreateThread
GetStartupInfoA
GetCommandLineA
GetModuleHandleA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ws2_32

WSAStartup
socket
htons
bind
listen
accept
recv
closesocket
WSACleanup

user32

GetWindowTextA
SetWindowTextA
CreateWindowExA
GetClientRect
MoveWindow
BeginPaint
EndPaint
PostQuitMessage
RegisterHotKey
GetMessageA
IsWindowVisible
ShowWindow
PostMessageA
LoadCursorA
LoadIconA
RegisterClassA
MessageBoxA
UpdateWindow
TranslateMessage
DispatchMessageA
DefWindowProcA

gdi32

TextOutA
CreateSolidBrush

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09ec7235f98f07f5c19e1355f1fea3ed

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

ws2_32

user32

gdi32

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 525KB

.pdata Size: 512B - Virtual size: 336B

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 525KB

.pdata
Size: 512B - Virtual size: 336B