978aed63d855c58e66e7c04ba08b3f79

Sharing

Copy URL Twitter E-mail

General

Target

978aed63d855c58e66e7c04ba08b3f79
Size

40KB
MD5

978aed63d855c58e66e7c04ba08b3f79
SHA1

cd5d97bd46e1ccf6a659bd89cb4d6b0dd1e5158c
SHA256

d00e419afdee8e20a0dd65aa748a80ac953919a892a2080a64e3f8e0ddefd3c3
SHA512

e3663d7fc8aee68d1331021dcd45151ba3cd9b6b4c3cefa5c400a5c000cae55577582fd104a626281a7630714d201cdc0ec1510f9f80a087cd38c4578188b470
SSDEEP

768:r5Hbd3vpeHbT56e6NR1TIM+UZBxR7SAh:Z0ETR82h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
978aed63d855c58e66e7c04ba08b3f79

Files

978aed63d855c58e66e7c04ba08b3f79
.exe windows:4 windows x86 arch:x86

b7f0ca2666f9a0e8be86d1406ef5ed3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
shutdown
accept
inet_ntoa
gethostname
sendto
socket
inet_addr
gethostbyname
setsockopt
bind
listen
WSAAsyncSelect
recvfrom
send
recv
htons
connect
WSAGetLastError
closesocket

mfc42

ord4168
ord518
ord5607
ord5600
ord785
ord501
ord1083
ord5621
ord773
ord823
ord800
ord825
ord540
ord860

msvcrt

__dllonexit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_XcptFilter
_exit
_onexit
__getmainargs
?terminate@@YAXXZ
_except_handler3
sprintf
_stricmp
exit
atoi
printf
strncpy
malloc
free
__CxxFrameHandler
__p___initenv

kernel32

GetModuleFileNameA
SetEvent
CreateEventA
WaitForSingleObject
GetQueuedCompletionStatus
GetOverlappedResult
FormatMessageA
LocalFree
SetConsoleCtrlHandler
GetModuleHandleA
Sleep
lstrlenA
GetLastError
ReadFile
CreateThread
GetTickCount
GlobalAlloc
GlobalFree
CreateIoCompletionPort
PeekNamedPipe
WriteFile
TerminateProcess
DuplicateHandle
GetCurrentProcess
GetProcAddress
CloseHandle

user32

PostMessageA
DestroyWindow
wsprintfA
GetDesktopWindow
CreateWindowExA
PeekMessageA

advapi32

RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegSetValueExA
RegOpenKeyExA
CreateServiceA
RegCloseKey
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7f0ca2666f9a0e8be86d1406ef5ed3a

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 2KB