9aa8c4921ab1f794475d08e8131dd69b

Sharing

Copy URL

Twitter E-mail

General

Target

9aa8c4921ab1f794475d08e8131dd69b
Size

280KB
MD5

9aa8c4921ab1f794475d08e8131dd69b
SHA1

01360c0c73ce9fb590482c5ab7752da673911110
SHA256

e2361d5cb58de33b17a4ae77bef937d3153efb3877975bae6116436575fb7a1e
SHA512

6ec342e57916cb64a6c1ec022fa107fae0ed21ca9643649a09253c0d35a4187d45543b15d46167d2ad3ced0cef3021a06221e23cd783cb4561b6d81a56e45482
SSDEEP

6144:GjGxIXlE9VzbKqgPFyVlY+SOLBmZBJp4OF5T:GCqXlqlKqgPFyVlYNO4Zfp4gF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9aa8c4921ab1f794475d08e8131dd69b

Files

9aa8c4921ab1f794475d08e8131dd69b
.exe windows:4 windows x86 arch:x86

c2009e6ec8f38b440644001aeb5861e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails

ws2_32

WSAGetLastError
send
recv
connect
recvfrom
htonl
bind
WSAAsyncSelect
ioctlsocket
WSASocketA
WSAIoctl
gethostname
gethostbyname
inet_ntoa
sendto
shutdown
WSAStartup
WSACleanup
setsockopt
closesocket
htons
socket
inet_addr

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

hook

SetHook
RemoveHook
RemoveHook_App
SetHook_App

kernel32

GetFileSize
CloseHandle
CreateFileA
SetSystemTime
DeleteFileA
CopyFileA
GetWindowsDirectoryA
WinExec
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetDiskFreeSpaceA
GetProcAddress
GetDriveTypeA
GetLogicalDrives
LoadLibraryA
ExitThread
WaitForSingleObject
CreateEventA
ResumeThread
SetThreadPriority
CreateThread
GlobalFree
GlobalAlloc
GetModuleHandleA
GlobalMemoryStatus
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
ReleaseMutex
GetLastError
CreateMutexA
GetComputerNameA
GetModuleFileNameA
SetFileAttributesA
GetFileAttributesA
FindClose
FindFirstFileA
MulDiv
GetTickCount
SetEvent
WaitForMultipleObjects
WriteFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
TlsAlloc
TlsGetValue
GetSystemTime
GetVersion
CreatePipe
CreateProcessA
GetExitCodeProcess
TerminateProcess
TerminateThread
SetFilePointer
SetEndOfFile
GlobalReAlloc
GlobalUnlock
GlobalLock
GetFullPathNameA
FreeResource
HeapSize
ExitProcess
HeapReAlloc
SetUnhandledExceptionFilter
HeapAlloc
TlsFree
SetLastError
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind
VirtualQuery
InterlockedExchange
HeapDestroy
HeapCreate
ReadFile
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
VirtualProtect
GetSystemInfo
GetSystemTimeAsFileTime
GetLocaleInfoW
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement

user32

InflateRect
CallWindowProcA
EnableWindow
SetDlgItemTextA
GetDlgItem
GetFocus
GetWindowRect
SetWindowLongA
GetSysColor
DialogBoxParamA
DefWindowProcA
SetMenuDefaultItem
TrackPopupMenu
CreateDialogParamA
PostQuitMessage
LoadIconA
GetDlgItemTextA
EndDialog
BeginPaint
EndPaint
CopyRect
GetDC
ReleaseDC
GetClientRect
DrawTextA
SetRect
KillTimer
GetMenuItemID
GetForegroundWindow
DestroyWindow
EnumWindows
SetWindowPos
SetActiveWindow
SetForegroundWindow
SetFocus
GetCursorPos
SetCursorPos
GetDesktopWindow
CreateWindowExA
UpdateWindow
RegisterClassExA
MessageBoxA
LoadStringA
LoadMenuA
GetSubMenu
LoadCursorA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DestroyCursor
wsprintfA
PeekMessageA
TranslateMessage
SetTimer
DestroyMenu
DispatchMessageA
SystemParametersInfoA
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
SendMessageA
FindWindowExA
ExitWindowsEx
GetSystemMetrics
FindWindowA
CharUpperBuffA
IsIconic
GetWindowLongA
IsWindow
ShowWindow
InvalidateRect
PostMessageA
LoadImageA
GetClassNameA

gdi32

SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
CombineRgn
CreateFontIndirectA
GetCurrentObject
LineTo
MoveToEx
SetBkMode
SetTextColor
CreateDCA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
BitBlt
GetDIBColorTable
CreatePen
GetStockObject
Rectangle
CreateBrushIndirect
SelectObject
PatBlt
ExtCreateRegion
DeleteObject
GetObjectA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
InitializeSecurityDescriptor

shell32

Shell_NotifyIconA

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

OleLoadPicture

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2009e6ec8f38b440644001aeb5861e3

Headers

File Characteristics

Imports

winmm

ws2_32

snmpapi

hook

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 40KB - Virtual size: 36KB