21dd45e2a866fef13aee7607a41e010805df08f2f97559183498cfc0d9f09353

General

Target

21dd45e2a866fef13aee7607a41e010805df08f2f97559183498cfc0d9f09353
Size

3.5MB
MD5

a458b0eefbe745be1cb7261540699dd7
SHA1

6ed86fa71f35eff3652f057faee570cc7829abd8
SHA256

21dd45e2a866fef13aee7607a41e010805df08f2f97559183498cfc0d9f09353
SHA512

f9e1c7c82c5f13ce671fe09451f7ca078c330aa8c8f5b5904bad68bfc989a9368648ce098a8bdb32c0a0950c1db455e96007d15d2f545f49716e48fda2172d83
SSDEEP

98304:sSnd7v4Bk1omxslkJtttVgFi80u7tV+LWSLmac3dLiU9Nx4DMK/aaygl5ZEeHXxX:9Ik1omxlJZK+Lt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21dd45e2a866fef13aee7607a41e010805df08f2f97559183498cfc0d9f09353

Files

21dd45e2a866fef13aee7607a41e010805df08f2f97559183498cfc0d9f09353
.exe windows:4 windows x64 arch:x64

72f24a7217bb80fdd45ec3169a1ef07d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

printf
memset
malloc
strcmp
wcsstr
memmove
strlen
sprintf
strstr
_strdup
_controlfp
__set_app_type
__argc
__argv
_environ
__getmainargs
exit

kernel32

VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
VirtualFreeEx
CreateRemoteThread
CreateFileA
CreateFileMappingA
MapViewOfFile
ReadProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentProcess
IsProcessorFeaturePresent
GetSystemInfo
lstrlenA
CreateThread
GetStartupInfoA
GetCommandLineA
GetModuleHandleA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ntdll

RtlCreateUserThread

ws2_32

WSAStartup
socket
htons
bind
listen
accept
recv
closesocket
WSACleanup

user32

GetWindowTextA
SetWindowTextA
CreateWindowExA
GetClientRect
MoveWindow
BeginPaint
EndPaint
PostQuitMessage
RegisterHotKey
GetMessageA
IsWindowVisible
ShowWindow
PostMessageA
LoadCursorA
LoadIconA
RegisterClassA
MessageBoxA
UpdateWindow
TranslateMessage
DispatchMessageA
DefWindowProcA

gdi32

TextOutA
CreateSolidBrush

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72f24a7217bb80fdd45ec3169a1ef07d

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

ntdll

ws2_32

user32

gdi32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.data Size: 4KB - Virtual size: 525KB

.pdata Size: 512B - Virtual size: 336B

.text
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 4KB - Virtual size: 525KB

.pdata
Size: 512B - Virtual size: 336B