76bf54368e690f62acde072019aa6048

Sharing

Copy URL Twitter E-mail

General

Target

76bf54368e690f62acde072019aa6048
Size

289KB
MD5

76bf54368e690f62acde072019aa6048
SHA1

a94c41cc3931c0df16b3bd480fc1dc9229e224b4
SHA256

e2a84ae1abe7739a4a4198de723366c5a896c7d1241ffc5ff1a027e7e744bd9a
SHA512

ab0e33c93cc211ba5e15236543a0d95cbbafafe587af07790852d7e0cb43763ae8ea0ff85ee53da6faf6949b23afbf502faf7d559dbda70956ae44e00d22a57b
SSDEEP

6144:fPO2188Z28Z2hgrO5tvNyxQ9tmhOkDuUAtu91TNfxIWxEby9oT9n:fG26Ivi5tvcuUEuTNZ6byqT9n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Werbung.exe
unpack002/s722b/ICQMAPI.dll

Files

76bf54368e690f62acde072019aa6048
.rar
Werbung.exe
.exe windows:4 windows x86 arch:x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sub722beta1.zip
.zip
Leggimi.txt
s722b/COMMANDS.CFG
s722b/Download/blank
s722b/ICQMAPI.dll
.dll windows:4 windows x86 arch:x86

de91417e3b3138340a64a03b2ce56e3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoW
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetTickCount
InterlockedIncrement
CloseHandle
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
SetFilePointer
InterlockedDecrement
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
SetStdHandle
FlushFileBuffers
GetLocaleInfoA

user32

UnregisterClassA
SendMessageTimeoutA
IsWindow
RegisterClassA
SetWindowLongA
PostMessageA
FindWindowA
CreateWindowExA
DefWindowProcA

Exports

Exports

ICQAPICall_Generic
ICQAPICall_GetDockingState
ICQAPICall_GetFirewallSettings
ICQAPICall_GetFullOwnerData
ICQAPICall_GetFullUserData
ICQAPICall_GetGroupOnlineListDetails
ICQAPICall_GetIsOnline
ICQAPICall_GetOnlineListDetails
ICQAPICall_GetOnlineListHandle
ICQAPICall_GetOnlineListPlacement
ICQAPICall_GetOnlineListType
ICQAPICall_GetVersion
ICQAPICall_GetWindowHandle
ICQAPICall_RegisterNotify
ICQAPICall_SendExternal
ICQAPICall_SendFile
ICQAPICall_SendFile2
ICQAPICall_SendMessage
ICQAPICall_SendURL
ICQAPICall_SetLicenseKey
ICQAPICall_SetOwnerPhoneState
ICQAPICall_SetOwnerState
ICQAPICall_UnRegisterNotify
ICQAPIUtil_FreeGroup
ICQAPIUtil_FreeUser
ICQAPIUtil_FreeUsers
ICQAPIUtil_SetUserNotificationFunc

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
s722b/fonts/default.bmp
s722b/fonts/halflife_blue.BMP
s722b/fonts/halflife_green.BMP
s722b/fonts/halflife_red.BMP
s722b/fonts/quake3_blue.BMP
s722b/fonts/quake3_green.BMP
s722b/fonts/quake3_red.BMP
s722b/fonts/quake3_red_small.BMP
s722b/fonts/quake3_white.BMP
s722b/fonts/typewriter.BMP
s722b/fonts/typewriter_small.BMP
s722b/help/commands.txt
s722b/help/editserver.txt
s722b/help/plugins.txt
s722b/help/readme.txt
s722b/help/sin.txt
s722b/menu.cfg
s722b/readme.txt
s722b/s7config.cfg

Sharing

General

Malware Config

Signatures

Files

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 92KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

de91417e3b3138340a64a03b2ce56e3f

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 15KB - Virtual size: 21KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 92KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 21KB

.reloc
Size: 4KB - Virtual size: 3KB