8670f4bf2f95bdd3a3964721ce2fef5f

Sharing

Copy URL Twitter E-mail

General

Target

8670f4bf2f95bdd3a3964721ce2fef5f
Size

208KB
MD5

8670f4bf2f95bdd3a3964721ce2fef5f
SHA1

5baddf6feee9964c8b059f4279c49a2719850140
SHA256

e1fa9aafedb64f136a4a771a68f862756108e293593ec574101052280660b875
SHA512

27c4d85b71d3720360eb520b0de9b29f0cb3e317d6e9845c3d72371795b65a4b907381d5bbdb05b6573cdd82d9c9d8f4697b12f4e64cc84ce7ecf9a297ddc3f0
SSDEEP

6144:sE+13leCofnIdGA20VA17/XunE9PhJRXCEfuX:spLofIdGAbAdunEgX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8670f4bf2f95bdd3a3964721ce2fef5f

Files

8670f4bf2f95bdd3a3964721ce2fef5f
.exe windows:4 windows x86 arch:x86

4b8f7c8ad040db17623ee573bf6e9861

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\David\My Documents\Visual Studio Projects\DaemonScript\Release\DaemonScript.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ord16

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCheckConnectionA

kernel32

GlobalFree
GlobalAlloc
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
MultiByteToWideChar
CloseHandle
GetFileSize
CreateFileA
ReadFile
SetFilePointer
SetCurrentDirectoryA
ExitProcess
LoadLibraryExA
FormatMessageA
GetWindowsDirectoryA
GetFileAttributesA
OutputDebugStringA
GetLastError
ExpandEnvironmentStringsA
Sleep
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentDirectoryA
WriteFile
ResumeThread
SuspendThread
CopyFileA
IsBadCodePtr
GetVersionExA
InterlockedExchange
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
TerminateProcess
HeapAlloc
HeapFree
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
HeapReAlloc
IsBadWritePtr
VirtualQuery
GetStringTypeA
GetStringTypeW
GetACP
VirtualProtect
GetSystemInfo
SetStdHandle
GetLocaleInfoA
LCMapStringA
LCMapStringW
HeapSize
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
IsBadReadPtr
GetTempPathA
FlushFileBuffers

user32

GetClassNameA
GetNextDlgTabItem
TranslateAcceleratorA
IsDialogMessageA
CreateDialogParamA
LoadAcceleratorsA
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
SetClassLongA
DestroyMenu
GetMessagePos
ScreenToClient
CreatePopupMenu
MapWindowPoints
SetWindowPos
TrackPopupMenu
DispatchMessageA
DefWindowProcA
DestroyIcon
DrawIconEx
GetDlgItemTextA
KillTimer
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
GetCursorPos
WindowFromPoint
IsWindowEnabled
SetWindowTextA
LoadStringA
GetKeyState
InsertMenuItemA
MessageBoxA
DestroyWindow
ShowWindow
SetFocus
SetDlgItemInt
LoadIconA
DialogBoxParamA
EndDialog
GetParent
EnableWindow
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
SendMessageA
GetDC

gdi32

CreateFontA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegSetValueA
RegDeleteValueA
RegOpenKeyExA

shell32

Shell_NotifyIconA
SHChangeNotify
ExtractIconA
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoInitialize
ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
OleInitialize

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b8f7c8ad040db17623ee573bf6e9861

Headers

File Characteristics

PDB Paths

Imports

version

comctl32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 135KB

.rsrc Size: 96KB - Virtual size: 96KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 135KB

.rsrc
Size: 96KB - Virtual size: 96KB