9954d2bcf80b17b4220df70395279b7b

General

Target

9954d2bcf80b17b4220df70395279b7b
Size

44KB
MD5

9954d2bcf80b17b4220df70395279b7b
SHA1

6af73383df3ca5c8f71ce643a4655ec7afb25c6b
SHA256

a5c456ce9d094925cf77202c4c9ae59ce6ca61d42a3d41f9bba71ad52de0367e
SHA512

b91fa14d469093e6b46743ff062f09a52e74ef4847697c134ffc2347ef7ff7efa41390e2100979a90d79415c23b2c054bb27cf62a8d5204eaa0c879ee199275e
SSDEEP

768:+Tu1MNmllyF5K1pAicppY0E5YaOwuXscCEgbi4LlvpMl:+0qAnA8YHcjEEal

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9954d2bcf80b17b4220df70395279b7b

Files

9954d2bcf80b17b4220df70395279b7b
.exe windows:4 windows x86 arch:x86

e2124a29063823385c2f249af8294cf3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
SetThreadPriority
GetCurrentThread
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
GetEnvironmentVariableA
GetWindowsDirectoryA
FindClose
Sleep
FindNextFileA
lstrcmpA
lstrcpynA
ReadFile
WideCharToMultiByte
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcmpiA
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
DeleteFileA
FindFirstFileA
CreateThread
lstrcpyA
lstrcatA
GetModuleFileNameA
GetDriveTypeA
lstrlenA
SetEndOfFile
SetStdHandle
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetLastError
WriteFile

user32

DispatchMessageA
wsprintfA
CharLowerA
GetMessageA
TranslateMessage

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegEnumKeyA

ws2_32

select
recv
ntohs
closesocket
socket
sendto
gethostbyname
inet_addr
htons
WSAStartup

wininet

InternetCloseHandle
FtpGetFileA
FtpSetCurrentDirectoryA
InternetConnectA
InternetOpenA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2124a29063823385c2f249af8294cf3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wininet

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB