8f0f3e5248c9df780763c04ed2b4c30c

Sharing

Copy URL Twitter E-mail

General

Target

8f0f3e5248c9df780763c04ed2b4c30c
Size

68KB
MD5

8f0f3e5248c9df780763c04ed2b4c30c
SHA1

3d458e355a7b5cdb20c76820d42e2a7663a3dd8d
SHA256

1cac583b64efcc5dff6670384deae1682f201748cf22eedb79468a71a5a136f8
SHA512

21544dfbe7aaddc27e080e5cd130f2dd9e44ef97dd440745ce9ae22c8c354c54626c6661e5b2a3f79fb41ae9bd5c2f1bfb29deb309b6bb62421f0402827e2dcc
SSDEEP

768:k/FPEYQAi+oOrvDA78/YfPhOgnrRYteRbcwfNvQ111111Cu8Xojq7zK2:k/FmtckdfP1rqturf+111111CCCm2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f0f3e5248c9df780763c04ed2b4c30c

Files

8f0f3e5248c9df780763c04ed2b4c30c
.exe windows:5 windows x86 arch:x86

ffbd9dc4807695e4c61f3988e2486bc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work_svn\madonna\build\Release\bin\i386\Execode_GL.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegFlushKey
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegDeleteValueA

kernel32

GetVersion
CloseHandle
GetCurrentProcess
WriteFile
DeleteFileA
CreateFileA
ReadFile
GetFileSize
CreateProcessA
ExpandEnvironmentStringsA
GetSystemDirectoryA
Sleep
CreateThread
GetSystemTime
lstrcmpiA
GetTickCount
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
CreateMutexA
TerminateThread
GetDateFormatA
GetTimeFormatA
SetFilePointer
ExitThread
GetCurrentThreadId
GetVolumeInformationA
GetModuleHandleA
LoadLibraryA
GetProcAddress
DeviceIoControl
GetSystemTimeAsFileTime
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetLocalTime
TerminateProcess
SetUnhandledExceptionFilter
FlushFileBuffers
GetStdHandle
WriteConsoleA
WaitForSingleObject
OutputDebugStringA
ReleaseMutex
VirtualQuery

ntdll

memset
strlen
_vsnprintf
_chkstk
strcpy
isalpha
_fltused
strstr
atoi
memcpy
_snprintf
isgraph
strcat

wininet

FtpPutFileA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetConnectA

ws2_32

setsockopt
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
WSAGetLastError
sendto
recvfrom
ntohs
ioctlsocket
getsockname
send
socket
connect
closesocket
htons
inet_addr
gethostbyname
inet_ntoa
recv

imagehlp

SymCleanup
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
SymInitialize

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffbd9dc4807695e4c61f3988e2486bc6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ntdll

wininet

ws2_32

imagehlp

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 14KB - Virtual size: 34KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 14KB - Virtual size: 34KB

.rsrc
Size: 22KB - Virtual size: 22KB