8dd40a3fc067827ab1720f9457b13a7d

Sharing

Copy URL Twitter E-mail

General

Target

8dd40a3fc067827ab1720f9457b13a7d
Size

84KB
MD5

8dd40a3fc067827ab1720f9457b13a7d
SHA1

d4791214ef47f4f9122d202e3da672a916848f85
SHA256

1f456692b9a5e7e710be389bfa5657f2786013e385cb3b04c33a9209cec53f10
SHA512

e28081276f977fd60c4cba7c2ad56b3cfe2d0b649844aa377bf0c59621bdd834d081912cb5ea0f18e7894e253513a162eb0e1880a3c963e7245e7fbe24b20a7a
SSDEEP

1536:rovnVOId/c0yJrRdtEfn5P/TS0C3b+9qjrWyYCiPtD6ij9CD2A3AY1tZ:rMVrd0JrRdt+538lYR453A0tZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dd40a3fc067827ab1720f9457b13a7d

Files

8dd40a3fc067827ab1720f9457b13a7d
.exe windows:4 windows x86 arch:x86

9f396857640dc2e4976d395c2a43fbf0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup

kernel32

lstrlenW
InterlockedIncrement
InterlockedDecrement
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetSystemDirectoryA
lstrcatA
CopyFileA
LeaveCriticalSection
WaitForSingleObject
SetEvent
DuplicateHandle
CreateEventA
CloseHandle
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSection
GetUserGeoID
DeleteCriticalSection
lstrlenA
GetGeoInfoA
Sleep
InterlockedExchange
EnterCriticalSection
lstrcmpiW
SetUnhandledExceptionFilter
GetLastError
GetCommandLineW
LocalFree
GetVersionExA
GetConsoleOutputCP
GetCurrentProcess
HeapSize
RtlUnwind
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
WriteConsoleW
FlushFileBuffers
CreateFileA
GetStringTypeA
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetExitCodeProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RaiseException
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

MessageBoxA

advapi32

OpenProcessToken
CreateProcessAsUserA
AdjustTokenPrivileges
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerExA
CloseServiceHandle
StartServiceA
CreateServiceA
OpenSCManagerA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
GetCurrentHwProfileA
StartServiceCtrlDispatcherA
LookupPrivilegeValueA

urlmon

URLDownloadToFileA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpen
WinHttpReadData
WinHttpConnect

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQueryUserToken

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f396857640dc2e4976d395c2a43fbf0

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

urlmon

shell32

winhttp

wtsapi32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 11KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB