7526468a8067dbcbd5d5bfbc6e2eb1ed

General

Target

7526468a8067dbcbd5d5bfbc6e2eb1ed
Size

160KB
MD5

7526468a8067dbcbd5d5bfbc6e2eb1ed
SHA1

4646198d9db8db4e4f86f4bbafcfdeb7ef58347e
SHA256

f8dd529233def3ded8f854007a37a4043ba33b302eb867c005a48d8cb47245d6
SHA512

6069d819de4850da69bccdc5cd001cb5ee50713d5b3f49c02825d18d4f4b42ea002dfcc095c98437e350b12c3018f2c32290d7007e34cf71e933f77abc6a2ddb
SSDEEP

1536:aIlitFTYbkT6iIxJ2us6I/OeY7E7KjLG1oqUz:aIlivSg6iIXfI/HGEOnG1oqUz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7526468a8067dbcbd5d5bfbc6e2eb1ed

Files

7526468a8067dbcbd5d5bfbc6e2eb1ed
.exe windows:4 windows x86 arch:x86

1c0b129e5d42e6a11c75b26e8bafceaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
Sleep
ExitProcess
PeekNamedPipe
GetSystemDirectoryA
WriteFile
ReadFile
CopyFileA
GetModuleHandleA
GetModuleFileNameA
GetStartupInfoA
CreatePipe
GetProcAddress
FreeEnvironmentStringsW
WideCharToMultiByte
LCMapStringA
SetEndOfFile
LCMapStringW
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetCPInfo
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
GetLastError
LoadLibraryA
InterlockedIncrement
IsBadWritePtr
IsBadReadPtr
HeapValidate
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
VirtualFree
GetOEMCP
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
HeapReAlloc
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
HeapAlloc
VirtualAlloc
SetStdHandle
FlushFileBuffers
CreateFileA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
CreateServiceA
StartServiceA
StartServiceCtrlDispatcherA

ws2_32

htons
WSAStartup
socket
accept
bind
listen
closesocket
recv
send

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c0b129e5d42e6a11c75b26e8bafceaa

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB