99ccdf7a7d8c6b61d63d399cb0f162d0

Sharing

Copy URL

Twitter E-mail

General

Target

99ccdf7a7d8c6b61d63d399cb0f162d0
Size

40KB
MD5

99ccdf7a7d8c6b61d63d399cb0f162d0
SHA1

b0d68176b48337bf88eabfead21f515596aef6f2
SHA256

6e2f17b8df44e77c9701138681a010c7439333025c258a5a74722dd27b846252
SHA512

5c9b9b8b68bf99f0b5551573e11fbc6b85bdc35d65e7e106fb733c8ee83d9bf4ad6f566afefdaeba30554313d00a929be1cf64c1ba19fc026a5e3fb8908b4217
SSDEEP

384:MKUW9omm3o8JYlHGfb2gCtDZct6GVxwh/EcwOLRQSz0YgeBd3phtPl1k7tnnYjpf:M7ETPBZcRg/EcXL2SrgeBd3vd6nYN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99ccdf7a7d8c6b61d63d399cb0f162d0

Files

99ccdf7a7d8c6b61d63d399cb0f162d0
.exe windows:4 windows x86 arch:x86

845f6b8e3c521460717dacab27911b80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
GetTempPathA
GlobalFree
GlobalAlloc
GetFileSize
ReadFile
OpenFile
DeleteFileA
WritePrivateProfileStringA
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
CopyFileA
GetCurrentProcess
GetSystemDirectoryA
GetVersionExA
FindFirstFileA
FindClose
FindNextFileA
GetStartupInfoA
GetModuleHandleA
WaitForMultipleObjects
CreateThread
Sleep
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
SetFileTime
WriteFile

user32

KillTimer
SetTimer
TranslateMessage
GetMessageA
wsprintfA
DispatchMessageA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
CloseServiceHandle
StartServiceA
RegQueryValueExA
CreateServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA

shell32

ShellExecuteA

ws2_32

getsockname
inet_addr
connect
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
WSACloseEvent
select
socket
htons
bind
listen
WSACleanup
accept
gethostbyname
inet_ntoa
send
WSAGetLastError
shutdown
recv
closesocket
recvfrom
sendto
getservbyname
ntohs
WSAIoctl
WSAStartup
__WSAFDIsSet

psapi

GetModuleFileNameExA

iphlpapi

GetNetworkParams

wininet

InternetGetConnectedState

msvcrt

_strdup
_stricmp
_itoa
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
signal
srand
fprintf
printf
_unlink
rename
_tzset
localtime
strftime
_timezone
_strcmpi
abs
time
fopen
fputs
fclose
ftell
fgets
fseek
sprintf
realloc
strcspn
strrchr
strncmp
memset
malloc
free
memcpy
strcmp
strcpy
isalpha
strlen
atoi
strncat
strcat
strstr
rand
strtol
strncpy
_strnicmp
strchr

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

845f6b8e3c521460717dacab27911b80

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

psapi

iphlpapi

wininet

msvcrt

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 2KB