592cc93a193d2580eeccb1f034f65b95

Sharing

Copy URL Twitter E-mail

General

Target

592cc93a193d2580eeccb1f034f65b95
Size

344KB
MD5

592cc93a193d2580eeccb1f034f65b95
SHA1

ca937afb8f855c202a32092e96eef0f8912767bf
SHA256

573b4413d3b69c1f751e3307f0ac511ae65a36dc74cc3046a62b67f8dd9b3912
SHA512

f779188af9d234199a60513b0069d1ac961a1855a426f6c64b11517cc01f4ecae44d873fd2753f8efe5809921d8aaf99095212623392ef54ae7c69417e676663
SSDEEP

6144:HnV7b3fTCEfZzb2ds7BVAkXxSGg01AN8SN5m1iOTcctZK2EQlKooh8pzappqvkZ:HlfTCO6dshXxRgou8o5mMOj9EQJoian7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
592cc93a193d2580eeccb1f034f65b95

Files

592cc93a193d2580eeccb1f034f65b95
.exe windows:4 windows x86 arch:x86

b32278d9d09ff8dd81a1107d86fb62d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
WSASocketA
listen
WSAAccept
gethostbyaddr
ntohs
WSACleanup
closesocket
shutdown
setsockopt
WSAGetLastError
WSASend
WSARecv
WSASetLastError
bind
htons
gethostbyname
WSAAsyncSelect
inet_addr
WSAStartup
inet_ntoa
WSAConnect
htonl

tcl84

Tcl_SetDoubleObj
Tcl_EvalFile
Tcl_AppendResult
Tcl_CreateObjCommand
Tcl_SetStringObj
Tcl_NewObj
Tcl_CreateSlave
Tcl_SetObjResult
Tcl_ResetResult
Tcl_SetLongObj
Tcl_GetLongFromObj
Tcl_DeleteInterp
Tcl_GetString
Tcl_SetIntObj
Tcl_FindExecutable
Tcl_GetIntFromObj
Tcl_CreateInterp
Tcl_ListObjAppendElement
Tcl_SetWideIntObj
Tcl_SetVar
Tcl_GetVar
Tcl_UnsetVar

shell32

ShellExecuteA
Shell_NotifyIconA

crypt32

CertFreeCertificateContext
CertOpenSystemStoreA
CertFindCertificateInStore
CertCloseStore

kernel32

HeapDestroy
VirtualFree
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
RtlUnwind
UnhandledExceptionFilter
TerminateProcess
TlsGetValue
FlushFileBuffers
VirtualAlloc
TlsSetValue
LCMapStringW
LCMapStringA
GetOEMCP
SetStdHandle
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetStdHandle
GetVersion
GetCommandLineA
WideCharToMultiByte
GetTimeZoneInformation
FreeEnvironmentStringsA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
TlsAlloc
CompareStringA
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GetACP
InterlockedExchange
PostQueuedCompletionStatus
GetLastError
GetProcAddress
ExitProcess
LoadLibraryA
FreeLibrary
GetTickCount
Sleep
MoveFileA
CloseHandle
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CompareStringW
SetLastError
GetFileType
GetSystemTime
FileTimeToSystemTime
SwitchToThread
CreateDirectoryA
CreateProcessA
GetStartupInfoA
DuplicateHandle
CreatePipe
GetVersionExA
DeleteFileA
GetFileAttributesExA
FormatMessageA
SetEvent
SetThreadPriority
CreateEventA
ConnectNamedPipe
CreateFileA
CreateNamedPipeA
GetFileAttributesA
GetExitCodeProcess
GetFileSize
InterlockedDecrement
ResetEvent
ReadFile
CreateSemaphoreA
InterlockedIncrement
GetModuleFileNameA
SetEndOfFile
GetCurrentProcess
WriteFile
ExitThread
MapViewOfFile
OpenProcess
WaitForSingleObject
QueryPerformanceCounter
SetFilePointer
GetLocalTime
SetCurrentDirectoryA
GetCurrentThreadId
SetErrorMode
HeapCompact
HeapFree
HeapReAlloc
ReleaseSemaphore
HeapCreate
GetModuleHandleA
GetCurrentProcessId
CompareFileTime
SetEnvironmentVariableA
GetFileTime
GetSystemTimeAsFileTime
SetPriorityClass
CreateIoCompletionPort
QueryPerformanceFrequency
GetSystemInfo
InitializeCriticalSection
GetEnvironmentVariableA
GetDiskFreeSpaceExA
HeapAlloc
MoveFileExA
CopyFileA
GetQueuedCompletionStatus
SystemTimeToFileTime
lstrcpynA

user32

TrackPopupMenu
PostMessageA
GetMessageA
WaitForInputIdle
AppendMenuA
wsprintfA
DefWindowProcA
LoadImageA
DispatchMessageA
KillTimer
CreateWindowExA
CreatePopupMenu
RegisterClassExA
TranslateMessage
GetCursorPos
LoadCursorA
LoadIconA
SetForegroundWindow

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32278d9d09ff8dd81a1107d86fb62d4

Headers

File Characteristics

Imports

ws2_32

tcl84

shell32

crypt32

kernel32

user32

mswsock

Sections

.text Size: 280KB - Virtual size: 276KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 20KB - Virtual size: 38KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 280KB - Virtual size: 276KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 12KB - Virtual size: 9KB