7e85aa9b28ec06ba34f453013a01a963

Sharing

Copy URL Twitter E-mail

General

Target

7e85aa9b28ec06ba34f453013a01a963
Size

226KB
MD5

7e85aa9b28ec06ba34f453013a01a963
SHA1

42f05c6054ac13bd2274fed7782f4ce7d5f8ccd0
SHA256

bae509eb0b1f577a95a2b62aaf1a75b0bf1f3a8d2922cee3a06d19e0b84c4da2
SHA512

5806d5d94148b5696104859c95f7df6b9805c129c677f8dd4a90cef4d5d7c8e32854c3c1f93d35cf18fd6e2427e66f11b1eaf4a2d51488efe5cf9dd15fe57d72
SSDEEP

6144:UOCeNfF5zHTPfhLK8YEHLK5BkKMaUTwQzhpTWK:UUlPzRKuHLgBkKMQQzbWK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e85aa9b28ec06ba34f453013a01a963

Files

7e85aa9b28ec06ba34f453013a01a963
.exe windows:4 windows x86 arch:x86

93a7c2981500e24ee1ec4c934f7a0710

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSADuplicateSocketA
WSAAccept
WSASetLastError
WSAAsyncGetProtoByName
ntohl
WSAGetQOSByName
socket
WSACreateEvent
WSAProviderConfigChange
WSADuplicateSocketW
WSAHtons
WSACloseEvent
WSAConnect
WSARecvFrom
setsockopt

comdlg32

CommDlgExtendedError
ReplaceTextA

advapi32

RegSetKeySecurity
DestroyPrivateObjectSecurity
LockServiceDatabase
StartServiceCtrlDispatcherW
LogonUserW
GetServiceDisplayNameA
SetTokenInformation
SetNamedSecurityInfoW

kernel32

SetConsoleWindowInfo
GetDiskFreeSpaceW
IsValidLocale
WritePrivateProfileStringW
OpenFile
GetCurrentProcessId
GetProfileStringA
GetFileType
GetBinaryTypeA
ReadFile
GetFileAttributesA
MultiByteToWideChar
GetConsoleCursorInfo
CloseHandle
SearchPathW
TryEnterCriticalSection
GetLogicalDriveStringsA
ReadConsoleInputW
GetDateFormatA
ExitProcess
FreeEnvironmentStringsA
IsBadStringPtrA
SetCurrentDirectoryA
EnumDateFormatsW
GetSystemDirectoryW
GetTimeZoneInformation
QueryDosDeviceA
ReadFileScatter
GetNumberFormatW
OutputDebugStringW
ExpandEnvironmentStringsW
_lopen
lstrcpyA
GetSystemTimeAsFileTime
SetCommTimeouts
GenerateConsoleCtrlEvent
SetProcessShutdownParameters
GetThreadContext
VirtualQuery
GlobalFindAtomA
DuplicateHandle
GetStartupInfoA
GetCommandLineW
VirtualAllocEx
SizeofResource
FileTimeToLocalFileTime
GetModuleHandleA
SetConsoleOutputCP
ScrollConsoleScreenBufferA
DeleteFiber
GetShortPathNameA
EnumSystemCodePagesW
IsProcessorFeaturePresent
SetProcessWorkingSetSize
SetSystemTime
WritePrivateProfileSectionA
WritePrivateProfileSectionW
OpenMutexA
LoadLibraryExA
GetSystemTime
GetFileInformationByHandle
VirtualProtect
GetPrivateProfileStringA
GetCommModemStatus
IsDBCSLeadByteEx
RemoveDirectoryA
ReadConsoleA
FindCloseChangeNotification
EnumResourceLanguagesW
GetStringTypeExW
IsBadWritePtr
SetEvent
lstrlenA
VirtualAlloc
TlsGetValue
lstrcmpA

comctl32

ImageList_Destroy
PropertySheetA

ole32

CoDisconnectObject
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUninitialize

user32

GetDlgItemInt
GetKeyNameTextW
GetMenuItemRect
SendDlgItemMessageA

gdi32

GetCharacterPlacementA
Escape
GetTextExtentPointA
PaintRgn
TranslateCharsetInfo
CreateDIBSection
CreatePenIndirect
ResizePalette
CreateFontIndirectW
CreateFontA
SetViewportOrgEx
ChoosePixelFormat
TextOutA
DeleteDC
ExtTextOutW
CreateFontIndirectA
GetDIBColorTable
SelectClipRgn
CreateCompatibleDC

oleaut32

SysAllocStringLen
VariantCopy
SysStringLen
SafeArrayRedim
QueryPathOfRegTypeLi
SetErrorInfo
SafeArrayGetElement
SafeArrayCreate

msvcrt

_ecvt
iswalnum
ctime
wcscpy
_pclose
_mbsnbcat
__p___argc
sprintf
putchar
wcscoll
mktime
sscanf
strncat
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
qsort
wcsncpy
_wtoi
_tempnam
_mbsnicmp
_lseeki64
rename
_waccess
_mbscpy
iswdigit
strtod
_mbctolower
strchr
wcsspn
_wcsicoll
isxdigit

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

93a7c2981500e24ee1ec4c934f7a0710

Headers

File Characteristics

Imports

ws2_32

comdlg32

advapi32

kernel32

comctl32

ole32

user32

gdi32

oleaut32

msvcrt

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 29KB - Virtual size: 29KB

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 29KB - Virtual size: 29KB