87dd01672a6aac26fe0dd6c14fa94f22

Sharing

Copy URL Twitter E-mail

General

Target

87dd01672a6aac26fe0dd6c14fa94f22
Size

55KB
MD5

87dd01672a6aac26fe0dd6c14fa94f22
SHA1

30cf05ec8c2dd86966837f32da0b9d4fda4d120f
SHA256

e73895350af71bf3db0b5910a999a07eed437179b315ca41a067221d382bf38e
SHA512

e5b6f255d08efd81bd755d7c79d0b3c6ec4f574e50bea31c6b9ba14ff2f66ea974d96f884f5668ac1ed4bab2a66cb73ce5e4953d411dc0d23d7aa5973542b0f9
SSDEEP

1536:DqoUVKxhRpPBUKvPxVN/cI6gCz3MLBhfmXtohP5MQW:DBFTRpZjvly5zg3L16x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87dd01672a6aac26fe0dd6c14fa94f22

Files

87dd01672a6aac26fe0dd6c14fa94f22
.exe windows:4 windows x86 arch:x86

42ab9f6a4b187deb5ecb745f468be958

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
vsprintf
calloc
_memicmp
strcat
strncmp
strtok
??2@YAPAXI@Z
??3@YAXPAX@Z
sscanf
isxdigit
memcmp
_vsnprintf
strncpy
malloc
strcmp
strstr
free
srand
rand
sprintf
memcpy
strcpy
_snprintf
strlen
memset
atoi

ws2_32

ioctlsocket
connect
send
WSACleanup
ntohs
inet_ntoa
gethostbyname
recvfrom
select
sendto
WSAStartup
inet_addr
htons
socket
closesocket
getpeername

kernel32

UnlockFile
GetLogicalDriveStringsA
lstrcpynA
lstrlenA
HeapReAlloc
lstrcmpW
DeviceIoControl
ExitThread
MoveFileExA
GetFileSize
LockFile
CreateEventA
GetCommandLineA
GetVersionExA
MultiByteToWideChar
CreateDirectoryA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
SetThreadContext
ReadProcessMemory
GetThreadContext
UnmapViewOfFile
lstrcpyA
MapViewOfFile
WideCharToMultiByte
ConnectNamedPipe
CreateFileMappingA
LoadLibraryA
GetTickCount
Sleep
CreateThread
HeapFree
GetLastError
HeapAlloc
VirtualProtect
VirtualAlloc
OutputDebugStringA
GetProcAddress
Thread32Next
SuspendThread
ResumeThread
OpenThread
CloseHandle
Thread32First
CreateToolhelp32Snapshot
Process32Next
OpenProcess
Process32First
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
VirtualFree
GetCurrentProcess
ExitProcess
CopyFileA
SetFileAttributesA
CreateProcessA
OpenMutexA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
GetModuleFileNameA
DisconnectNamedPipe
FlushFileBuffers
ReadFile
GetCurrentThreadId
CreateNamedPipeA
WriteFile
CreateFileA
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
OpenFileMappingA

shlwapi

StrCmpNA
AssocQueryStringA
StrCmpNIA
StrStrIA
PathFindExtensionA
PathAppendA

psapi

GetModuleFileNameExA

urlmon

ObtainUserAgentString

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetQueryOptionA
HttpQueryInfoW

user32

UnregisterDeviceNotification
PostQuitMessage
DefWindowProcA
CreateWindowExA
RegisterDeviceNotificationA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA

advapi32

RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue
RegDeleteValueA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42ab9f6a4b187deb5ecb745f468be958

Headers

File Characteristics

Imports

msvcrt

ws2_32

kernel32

shlwapi

psapi

urlmon

wininet

user32

advapi32

shell32

ole32

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 74KB

.CRT Size: 512B - Virtual size: 12B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 74KB

.CRT
Size: 512B - Virtual size: 12B

.reloc
Size: 4KB - Virtual size: 4KB