801a8183cfc09ab54a91dec5c9e57002

Sharing

Copy URL Twitter E-mail

General

Target

801a8183cfc09ab54a91dec5c9e57002
Size

12KB
MD5

801a8183cfc09ab54a91dec5c9e57002
SHA1

f3343014cefe60e42c4355bee9bee93ab52f7020
SHA256

5bfa8e87a59d1fd410a86631142c0ce0ad949d5702a629e746372d014458332f
SHA512

e609ee3e82e1bb45428b277ca0f9be80df1c1bf0d68d06c28304796ed1955482a12f9400a82382f798be8ad689fabd3d8df6c497c95c2987b12b90a114f7ab7b
SSDEEP

192:FyEiG/vLzzlq06LXPdvHiLz30bJxtngFFnTjb7WfTu9ocBCLzJ5OBKaZlzMMWMYL:FrVvZq0gFKLz0VXgF8fTu2c85KMMWUHE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CLIENT.EXE
unpack001/GRIFIN.EXE

Files

801a8183cfc09ab54a91dec5c9e57002
.zip
CLIENT.EXE
.exe windows:1 windows x86 arch:x86

f34e95a095bbc1cf3d051adc76280859

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ReadFile
GetModuleHandleA
CloseHandle
GetFileSize
Sleep
ExitProcess
CreateFileA

wsock32

inet_addr
htons
connect
closesocket
WSAStartup
WSACleanup
recv
socket
send
WSAAsyncSelect

user32

SetDlgItemTextA
SendDlgItemMessageA
LoadIconA
LoadCursorA
GetDlgItemTextA
EndDialog
DialogBoxParamA
DefWindowProcA

Sections

CODE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GRIFIN.EXE
.exe windows:1 windows x86 arch:x86

3b510156d97a153086840f2594ac0096

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WaitForSingleObject
LoadLibraryA
WriteFile
WinExec
FindClose
GetSystemDirectoryA
GetProcAddress
lstrcpyA
MoveFileA
DeleteFileA
CloseHandle
UnmapViewOfFile
GetFileSize
CopyFileA
CreateFileA
MapViewOfFile
GetCommandLineA
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
ExitProcess
ReadFile
CreateThread
GetVersion
CreateFileMappingA
GetWindowsDirectoryA
GetModuleHandleA
CreateDirectoryA
SetFilePointer
GetModuleFileNameA
Sleep
GetSystemTime

advapi32

RegOpenKeyExA
RegCreateKeyExA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegQueryValueExA
OpenServiceA
CreateServiceA

user32

LoadCursorA
GetForegroundWindow
FindWindowA
EndDialog
DialogBoxParamA
DefWindowProcA
ExitWindowsEx
wvsprintfA
SetDlgItemTextA
SendMessageA
SendDlgItemMessageA
MessageBoxA
LoadIconA

wsock32

socket
send
select
recv
listen
htons
gethostbyname
closesocket
bind
accept
WSAStartup
WSACleanup
WSAAsyncSelect

mapi32

MAPISendMail
MAPILogon
MAPILogoff

winmm

mciSendStringA

shell32

ShellExecuteA

Sections

CODE
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34e95a095bbc1cf3d051adc76280859

Headers

File Characteristics

Imports

kernel32

wsock32

user32

Sections

CODE Size: 3KB - Virtual size: 4KB

DATA Size: 1KB - Virtual size: 20KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 13KB - Virtual size: 16KB

3b510156d97a153086840f2594ac0096

Headers

File Characteristics

Imports

kernel32

advapi32

user32

wsock32

mapi32

winmm

shell32

Sections

CODE Size: 8KB - Virtual size: 12KB

DATA Size: 7KB - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

CODE
Size: 3KB - Virtual size: 4KB

DATA
Size: 1KB - Virtual size: 20KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 13KB - Virtual size: 16KB

CODE
Size: 8KB - Virtual size: 12KB

DATA
Size: 7KB - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB