7cb5c67f2e28f543c358ccc61175954e

Sharing

Copy URL Twitter E-mail

General

Target

7cb5c67f2e28f543c358ccc61175954e
Size

494KB
MD5

7cb5c67f2e28f543c358ccc61175954e
SHA1

f28308670e90244ecacc6937acba0c34d5453131
SHA256

d3689dc8dcce2b089132762d20ea8dc77d867be20b8a3bf5ead9647ecef1a525
SHA512

a9cb7894646e6d78476997a619cc5af5787ba0901ffbcdbde2094430f7ae49c61c9c7e9d70e2fe3c247e097ff0365143c8b038776b004eaf5bdc59de06bb6c1c
SSDEEP

12288:sVwkt12/cROnydDnaJkZQX17a+QgbTC6I8QZ0U:sVjM/cROWKEw7azIWrB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7cb5c67f2e28f543c358ccc61175954e

Files

7cb5c67f2e28f543c358ccc61175954e
.exe windows:4 windows x86 arch:x86

e92a9ecda095a1e24dac47c9a48d1796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

ntdll

CsrGetProcessId

user32

DlgDirListComboBoxW
EnumPropsA

ws2_32

WSALookupServiceNextW
getnameinfo
WSALookupServiceEnd
WSALookupServiceBeginW
WSAEventSelect
FreeAddrInfoW
WSAAddressToStringW
WSAIoctl
WSASendTo
WSARecvFrom
WSASocketW
WSAAddressToStringA
GetAddrInfoW
WSAStringToAddressA

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
CryptGenRandom
RegEnumKeyExW
RegQueryValueExW
CryptReleaseContext
RegEnumValueW

mswsock

AcceptEx
GetAcceptExSockaddrs

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

esent

JetOpenFile

rtutils

TracePrintfExW
TraceRegisterExW
TraceDeregisterW
RouterLogRegisterW
RouterLogDeregisterW

wmi

EnableTrace

iphlpapi

NotifyRouteChange
NotifyAddrChange
GetAdaptersAddresses
GetAdaptersInfo

kernel32

GetLastError
VirtualAlloc

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 348KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e92a9ecda095a1e24dac47c9a48d1796

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

ntdll

user32

ws2_32

advapi32

mswsock

ole32

esent

rtutils

wmi

iphlpapi

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 348KB - Virtual size: 2.1MB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 19KB - Virtual size: 19KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 348KB - Virtual size: 2.1MB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 19KB - Virtual size: 19KB