590ab1adcfc4e84be5351d0b4747d6fd

Sharing

Copy URL

Twitter E-mail

General

Target

590ab1adcfc4e84be5351d0b4747d6fd
Size

860KB
MD5

590ab1adcfc4e84be5351d0b4747d6fd
SHA1

77cedeb353ddcbb27638bc86fe6b01afdf87e5a4
SHA256

9db48031832f8f134c88004453f12eacfb54fbab1ad038c62f8b785f616fa532
SHA512

4924fe8822c3395e4112563d26706f91e46a37edc8dba941754db1886918890c46ffa2cf163bbcc363c9cf420ec45ccb0427ea20bca8071bbfec24bb65695c90
SSDEEP

24576:n7jnbJ6lsX13lnV4UE+25u0TZxn6niWlCIM63tQZ:n7EYKUtoTvbWlv6Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
590ab1adcfc4e84be5351d0b4747d6fd

Files

590ab1adcfc4e84be5351d0b4747d6fd
.exe windows:4 windows x86 arch:x86

4cdaa3c3c6ebc7aeeac75fc9a179e32d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
bind
listen
ntohl
accept
WSACloseEvent
htonl
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAEventSelect
WSARecv
WSASend
ioctlsocket
ntohs
gethostname
WSAGetLastError
WSASetLastError
WSAStartup
socket
setsockopt
connect
send
closesocket
htons
recv
gethostbyname
WSACleanup

psapi

GetModuleBaseNameA
EnumProcesses

iphlpapi

GetAdaptersInfo

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
GetOEMCP
GetCPInfo
LoadLibraryA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
CompareStringA
CompareStringW
GetEnvironmentVariableW
Sleep
CopyFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetTempFileNameA
GetTempPathA
CloseHandle
WaitForSingleObject
TerminateProcess
CreateThread
CreateProcessA
OpenProcess
GetCurrentProcess
CreateEventW
InterlockedDecrement
InterlockedIncrement
PulseEvent
SetLastError
FormatMessageA
GetVersionExW
GetCurrentThreadId
FreeEnvironmentStringsA
MoveFileExW
MoveFileW
GetFileAttributesW
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
WriteFile
GetDiskFreeSpaceW
GetFileInformationByHandle
FlushFileBuffers
GetTempPathW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetSystemTime
SetEvent
CreateMutexW
ReleaseMutex
SignalObjectAndWait
ResetEvent
FindClose
FindNextFileW
FindFirstFileW
TlsFree
UnlockFile
LockFileEx
LockFile
FindFirstFileA
GetSystemDirectoryA
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
HeapCreate
VirtualFree
CreateDirectoryA
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
CreateFileA
GetFileType
GetDateFormatA
GetTimeFormatA
GetFullPathNameA
GetDriveTypeA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
DeleteFileW
GetSystemInfo
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
VirtualAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCommandLineA
GetCurrentProcessId

user32

MoveWindow
GetWindowLongA
SetWindowLongA
ShowWindow
SendMessageA
GetWindowThreadProcessId
GetDlgItem
GetWindow
UnregisterClassA
CharLowerA
RegisterWindowMessageW
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeleteService
ControlService
StartServiceA
CreateServiceA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus

Sections

.text
Size: 756KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cdaa3c3c6ebc7aeeac75fc9a179e32d

Headers

File Characteristics

Imports

ws2_32

psapi

iphlpapi

kernel32

user32

advapi32

Sections

.text Size: 756KB - Virtual size: 753KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 756KB - Virtual size: 753KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B