7a53afa8803e5d8cb169fd067437fe51

Sharing

Copy URL

Twitter E-mail

General

Target

7a53afa8803e5d8cb169fd067437fe51
Size

507KB
MD5

7a53afa8803e5d8cb169fd067437fe51
SHA1

a81acc31b598e1a640ef91b1c4abcbf827f17a0f
SHA256

1fd09d82c72e2f59384bb25dd6a47a6d45e38d2d6aad5a3df19d8dc2f4dd69dd
SHA512

f8df2250af6be54e38f8bf127d66791dd1eee94c09996443162a66644de31f1f270d17bd7314f193a109db2c838545f579839ba1e758463bc3a532728b05bbb7
SSDEEP

12288:SLgI37qsC/rHyq6ADx09nJenVjP1/y9TTl5D7RIF5TQwRh6lC3fj:Sb37qsC/jyq6c3mTl5DmgwAIfj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a53afa8803e5d8cb169fd067437fe51

Files

7a53afa8803e5d8cb169fd067437fe51
.exe windows:4 windows x86 arch:x86

e7013d6ea11639fd4c5c81ab4f8e3fcd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlInitUnicodeStringEx
RtlUnwind
_wcsicmp
_chkstk
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
NtAllocateVirtualMemory
memmove
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
RtlIsNameLegalDOS8Dot3
wcslen

dnsapi

DnsReplaceRecordSetW

comctl32

FlatSB_GetScrollRange

mswsock

GetAcceptExSockaddrs
AcceptEx

rpcrt4

RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingFree
RpcStringFreeW
NdrClientCall2
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW

gdi32

GetTextExtentPointW
CreateCompatibleBitmap
SetViewportExtEx
GetCharWidth32W
SelectObject
CreateSolidBrush
TextOutW
GetDeviceCaps
TranslateCharsetInfo
EnumFontFamiliesExW

kernel32

GetTickCount
lstrlenA
InterlockedExchange
DelayLoadFailureHook
GetShortPathNameW
WaitForSingleObject
GetProcAddress
GetVersionExA
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetModuleHandleA
GetCurrentProcessId
WideCharToMultiByte
GetLastError
GetDriveTypeW
SetUnhandledExceptionFilter
TlsSetValue
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
FindFirstFileW
GlobalLock
QueryPerformanceCounter
InterlockedDecrement
ExpandEnvironmentStringsW
FindResourceW
LoadLibraryW
InterlockedIncrement
GetCurrentThreadId
TerminateProcess
lstrcmpW
GetProcessVersion
lstrcmpiW
CreateEventW
FindNextFileW
TlsAlloc
GetSystemDefaultUILanguage
SetCurrentDirectoryW
FreeLibrary
GetCurrentProcess
lstrlenW
FormatMessageW
ResetEvent
TlsFree
LockResource
LocalAlloc
LocalSize
SetEvent
TlsGetValue
GetModuleFileNameW
FindResourceA
DeleteFileW
GetSystemTimeAsFileTime
lstrcpyA
DeleteCriticalSection
LeaveCriticalSection
LoadResource
MultiByteToWideChar
GetVolumeInformationW
FreeResource
lstrcpyW
CloseHandle
LocalFree
GetProfileStringW
GlobalUnlock
GetLocaleInfoW
DisableThreadLibraryCalls
SetErrorMode
GetUserDefaultLCID
LoadLibraryA
GlobalFree
CreateFileW
CreateThread
GetCurrentDirectoryW
GetTempFileNameW
SizeofResource
lstrcpynW
FindClose
GetACP
SetLastError
GetFileAttributesW
FindResourceExW
EnterCriticalSection
GetModuleHandleW
LocalReAlloc
InterlockedCompareExchange
GlobalAlloc
MulDiv
GlobalReAlloc

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e7013d6ea11639fd4c5c81ab4f8e3fcd

Headers

File Characteristics

Imports

ntdll

dnsapi

comctl32

mswsock

rpcrt4

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 80KB - Virtual size: 920KB

.rdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 395KB - Virtual size: 396KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 80KB - Virtual size: 920KB

.rdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 395KB - Virtual size: 396KB