acc5c46ae2e509c59a952269622b4e6b5fa6cf9d03260bfebdfaa86c734ee6ea

Sharing

Copy URL Twitter E-mail

General

Target

acc5c46ae2e509c59a952269622b4e6b5fa6cf9d03260bfebdfaa86c734ee6ea
Size

2.6MB
MD5

a9bc458ea382163618f2bfc5370e8723
SHA1

5abb8c9d28393fddd529d7ab2f34ad1c48b8267b
SHA256

acc5c46ae2e509c59a952269622b4e6b5fa6cf9d03260bfebdfaa86c734ee6ea
SHA512

aa6702c262a9034a3c21b619c382aaf5476b0f628809bba39d34733c8dfe0b18118f7f3160d98f6e35f5a2803bf2cd6e31085754896341d73fa46eed7bf51704
SSDEEP

49152:mvd94e8rxp49Fpr0BMFdVBBK0ZozNQV5uGCAr+PgSkE0:4d94eOD4b10CLV3NZoY55QPgSkE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acc5c46ae2e509c59a952269622b4e6b5fa6cf9d03260bfebdfaa86c734ee6ea

Files

acc5c46ae2e509c59a952269622b4e6b5fa6cf9d03260bfebdfaa86c734ee6ea
.exe windows:5 windows x86 arch:x86

90a06fe7bac1554c3a1cf6f2228bd8b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
LocalFree
GetVersionExA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
QueueUserWorkItem
CreateEventW
GetLastError
Sleep
SetEvent
WaitForSingleObject
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
ReadFile
SetStdHandle
GetStringTypeW
HeapSize
SetFilePointer
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
CreatePipe
GetStartupInfoW
SetHandleCount
GetFileAttributesA
WriteFile
LoadLibraryW
Process32FirstW
TerminateProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
ExitProcess
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetCommandLineW
HeapSetInformation
GetSystemTimeAsFileTime
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapAlloc
HeapFree
GetTimeZoneInformation
ExitThread
HeapReAlloc
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateFileW
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

StartServiceCtrlDispatcherW
DeregisterEventSource
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW

odbc32

ord31
ord7
ord39
ord75
ord24
ord11
ord9

ws2_32

WSAGetLastError
socket
accept
bind
listen
connect
getpeername
getsockname
getsockopt
WSAPoll
ioctlsocket
sendto
recv
recvfrom
shutdown
closesocket
setsockopt
htons
ntohl
ntohs
WSAStartup
htonl
gethostbyname
gethostname
WSASocketA
inet_pton
inet_ntoa
send

dnsapi

DnsQuery_A

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fsg0
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fsg1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fsg2
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90a06fe7bac1554c3a1cf6f2228bd8b0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

odbc32

ws2_32

dnsapi

Sections

.text Size: 296KB - Virtual size: 296KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 60KB - Virtual size: 60KB

.fsg0 Size: 568KB - Virtual size: 568KB

.fsg1 Size: 4KB - Virtual size: 4KB

.fsg2 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 296KB - Virtual size: 296KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 60KB - Virtual size: 60KB

.fsg0
Size: 568KB - Virtual size: 568KB

.fsg1
Size: 4KB - Virtual size: 4KB

.fsg2
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB