78cb4327ff09549a7e966d4d98a5c52c

Sharing

Copy URL Twitter E-mail

General

Target

78cb4327ff09549a7e966d4d98a5c52c
Size

968KB
MD5

78cb4327ff09549a7e966d4d98a5c52c
SHA1

77168518a6190c8ee7070e53c8f35fa2c436c53f
SHA256

0baa856479cdcdd44ab7bfbd1e48d2e997bf9db36d712b59419c44093dfccbb9
SHA512

a31db2b0a174b20b038a734bf1bf63bfba907e28985acdff61aa95ead8d00498bc8626e59af4ae97698d20c64d04074725cd60c6e5fd4a456e9ea15b3da371f6
SSDEEP

12288:bWIAFw7XZ+ORvHQHSv7Ux1M8qhbkH6FKJlkIysXeQtnpnVZuf4CZJi:bxACXFn7pF8/P/kf4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78cb4327ff09549a7e966d4d98a5c52c

Files

78cb4327ff09549a7e966d4d98a5c52c
.exe windows:4 windows x86 arch:x86

5f9334234ca218d409d218b52421d3ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
shutdown
WSAStartup
WSAGetLastError
WSACleanup
closesocket
WSAEventSelect
WSASend
WSARecv
WSASocketA
bind
htons
htonl
listen
connect
inet_addr
gethostbyname
inet_ntoa

iphlpapi

GetAdaptersInfo

mfc42

ord825
ord561
ord815
ord1575
ord823

msvcrt

__CxxFrameHandler
sprintf
strncpy
_itoa
memmove
_except_handler3
_local_unwind2
strchr
atoi
_purecall
printf
fclose
fprintf
fopen
_beginthreadex
srand
time
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
strncmp
_mbscpy
rand
_ftol
difftime
mktime
__dllonexit
_onexit
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp

kernel32

TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObject
ResetEvent
IsBadWritePtr
HeapFree
GetProcessHeap
HeapAlloc
GetPrivateProfileStringA
InterlockedCompareExchange
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
GetUserDefaultLCID
WideCharToMultiByte
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileTime
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileA
CreateEventA
GetCurrentThread
WaitForSingleObjectEx
GetCurrentProcess
WriteProcessMemory
GetModuleFileNameA
SetEvent
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiA
GetModuleHandleA
GetCommandLineA
lstrcmpA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
Sleep
lstrcpynA
lstrlenA
LocalFree
LocalLock
CloseHandle
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
lstrcatA
FreeLibrary
LoadLibraryExA

user32

wvsprintfA
wsprintfA
GetActiveWindow
MessageBoxA

advapi32

GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptReleaseContext
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
SetServiceStatus
RegisterServiceCtrlHandlerExA
RegisterEventSourceA
OpenProcessToken
OpenThreadToken
ReportEventA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
StartServiceCtrlDispatcherA
DeregisterEventSource

oleaut32

GetErrorInfo
SysFreeString

msvcp60

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1strstreambuf@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z

odbc32

ord4
ord12
ord11
ord36
ord13
ord72
ord9
ord7
ord75
ord24
ord31
ord19
ord26

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsedb1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsedb3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsedb2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsenw2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsenw3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsenw4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsenw1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jsed
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f9334234ca218d409d218b52421d3ff

Headers

File Characteristics

Imports

ws2_32

iphlpapi

mfc42

msvcrt

kernel32

user32

advapi32

oleaut32

msvcp60

odbc32

mswsock

Sections

.text Size: 164KB - Virtual size: 164KB

.jsedb1 Size: 4KB - Virtual size: 4KB

.jsedb3 Size: 4KB - Virtual size: 4KB

.jsedb2 Size: 4KB - Virtual size: 4KB

.jsenw2 Size: 4KB - Virtual size: 4KB

.jsenw3 Size: 4KB - Virtual size: 4KB

.jsenw4 Size: 4KB - Virtual size: 4KB

.jsenw1 Size: 4KB - Virtual size: 4KB

.jsed Size: 4KB - Virtual size: 4KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 712KB - Virtual size: 712KB

.text
Size: 164KB - Virtual size: 164KB

.jsedb1
Size: 4KB - Virtual size: 4KB

.jsedb3
Size: 4KB - Virtual size: 4KB

.jsedb2
Size: 4KB - Virtual size: 4KB

.jsenw2
Size: 4KB - Virtual size: 4KB

.jsenw3
Size: 4KB - Virtual size: 4KB

.jsenw4
Size: 4KB - Virtual size: 4KB

.jsenw1
Size: 4KB - Virtual size: 4KB

.jsed
Size: 4KB - Virtual size: 4KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 712KB - Virtual size: 712KB