9917b9b47f5f0ea9bae3eb5b2104975a

Sharing

Copy URL Twitter E-mail

General

Target

9917b9b47f5f0ea9bae3eb5b2104975a
Size

748KB
MD5

9917b9b47f5f0ea9bae3eb5b2104975a
SHA1

f19e1b7fa264c3e2b329e05a29bc2dc87cc48fa2
SHA256

c25314414b8a6054defb5923cbdf57c616f96c66b0b698ccecc84d98f820f564
SHA512

b697540936b2f70315b77271d50359d37d9a677476888736604e4e8c279144ba84564314ff1b05530ed56f5d9d81d5802cce030edb150341c0648949cc68d957
SSDEEP

12288:0CFCKHbaZNGiUYI8bKUROvskaGkWPlSIbuUBHeV4du/HVqGPmx/qap0zUYHq:0CFCK7aTGbhz75aXWHBHI4d0qGPmx/rP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9917b9b47f5f0ea9bae3eb5b2104975a

Files

9917b9b47f5f0ea9bae3eb5b2104975a
.exe windows:4 windows x86 arch:x86

67fbb0a75e3d1e3475a38f7bcf6537c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegQueryValueExA
EnumServicesStatusA
ControlService
DeleteService
RegEnumKeyExA
RegQueryInfoKeyA

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
BitBlt
GetDIBits

msvcrt

_controlfp
__set_app_type
__p__fmode
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
signal
fputs
gmtime
getenv
_setmode
_isctype
__mb_cur_max
_pctype
tolower
_iob
abort
bsearch
realloc
qsort
time
isdigit
calloc
printf
perror
_errno
strerror
__p__commode
wcstombs
mbstowcs
wcscpy
memchr
toupper
_except_handler3
fgets
fprintf
strcat
sscanf
fputc
wcscat
strtok
sprintf
rand
srand
fwrite
fopen
fseek
ftell
fread
fclose
malloc
free
_ftol
exit
strncmp
atof
strchr
strncat
memcmp
system
atoi
strcmp
strcpy
memmove
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_adjust_fdiv
__setusermatherr
_initterm
fflush
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_stricmp
_memccpy
_strdup
__CxxFrameHandler
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
strstr
memset
memcpy
strncpy
strlen
_vsnprintf
wcslen
isspace
_getch
_stat
_fileno
__getmainargs

msvcp60

?_Xlen@std@@YAXXZ
?_Xran@std@@YAXXZ

kernel32

WideCharToMultiByte
GetUserDefaultLCID
GetStringTypeA
LCMapStringA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoA
FlushConsoleInputBuffer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
SetLastError
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
TransactNamedPipe
GetDiskFreeSpaceExA
GetLogicalDrives
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThread
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CreateEventA
MoveFileA
CreateDirectoryA
RemoveDirectoryA
GetTempPathA
MultiByteToWideChar
GetLastError
CopyFileA
GetModuleFileNameA
OpenProcess
GetModuleHandleA
CreateThread
TerminateThread
FreeConsole
AllocConsole
GetStdHandle
CreateNamedPipeA
WaitNamedPipeA
TerminateProcess
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
ExpandEnvironmentStringsA
CreateProcessA
GetSystemDirectoryA
DeleteFileA
ExitProcess
GlobalAlloc
WriteFile
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetFileSize
CloseHandle
SetFilePointer
ReadFile
Sleep
GetTickCount

user32

ExitWindowsEx
ReleaseDC
wsprintfA
LoadStringA

shell32

ShellExecuteA
SHGetDiskFreeSpaceExA

ws2_32

WSASetLastError
shutdown
recvfrom
getsockopt
WSASocketA
setsockopt
htonl
sendto
gethostname
WSAIoctl
gethostbyaddr
inet_ntoa
ioctlsocket
getpeername
connect
WSAGetLastError
__WSAFDIsSet
WSACleanup
WSAStartup
socket
htons
bind
getsockname
listen
gethostbyname
ntohs
ntohl
select
closesocket
accept
send
recv
inet_addr

netapi32

NetRemoteTOD
NetUseAdd
NetApiBufferFree
NetShareEnum
NetUserEnum
NetScheduleJobAdd
NetUseDel

mpr

WNetCancelConnection2A
WNetAddConnection2A
WNetAddConnection2W
WNetCancelConnection2W

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

dnsapi

DnsQuery_A

odbc32

ord9
ord11
ord41
ord24
ord31
ord75

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rvelpmq
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67fbb0a75e3d1e3475a38f7bcf6537c4

Headers

File Characteristics

Imports

advapi32

gdi32

msvcrt

msvcp60

kernel32

user32

shell32

ws2_32

netapi32

mpr

psapi

dnsapi

odbc32

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 100KB - Virtual size: 126KB

.rvelpmq Size: 16KB - Virtual size: 16KB

Size: 12KB - Virtual size: 9KB

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 100KB - Virtual size: 126KB

.rvelpmq
Size: 16KB - Virtual size: 16KB