9bc785d516d80144ff641e0a346dbc52

Sharing

Copy URL

Twitter E-mail

General

Target

9bc785d516d80144ff641e0a346dbc52
Size

192KB
MD5

9bc785d516d80144ff641e0a346dbc52
SHA1

bc57a5c5cd618d0658b8aeee1c4a1a5b2516d4fa
SHA256

791648daa489e688424c35556c5bf54da84df3a6932234f4b4bf158c47ecdd06
SHA512

0fa0f4d1066482aab1c0a2293f224a3961a6cb194779166dcea55e9ab01f26e7c33bf473cba11fe40ef053ba028a0d270578387bf3aaf51e07edeb19a584cbff
SSDEEP

3072:61Gx0QfH9UYsPiW2uALtedj5pUrezYrhqhx73fYvOLmtkpFcc:WCH9tHuAxedj5pUrezYrhQx7HLmI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bc785d516d80144ff641e0a346dbc52

Files

9bc785d516d80144ff641e0a346dbc52
.exe windows:4 windows x86 arch:x86

07524554b81b30d9a4824fe16d4b9ec4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
gethostbyname
htons
socket
bind
connect
send
recv
closesocket

kernel32

GetOEMCP
GetCPInfo
GetStringTypeW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
CompareStringA
lstrlenW
CompareStringW
lstrcmpiA
SetEndOfFile
lstrlenA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
Sleep
GetWindowsDirectoryA
SetFileAttributesA
GetModuleFileNameA
GetStringTypeA
CreateFileA
IsBadCodePtr
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualProtect
VirtualQuery
LCMapStringA
LCMapStringW
lstrcmpiW
CloseHandle
SetEvent
OpenEventA
lstrcpyA
lstrcpyW
OutputDebugStringA
OutputDebugStringW
GetCurrentProcessId
GetModuleFileNameW
InterlockedIncrement
VirtualAlloc
UnmapViewOfFile
IsBadReadPtr
GetSystemInfo
MapViewOfFile
GetLastError
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedDecrement
RtlUnwind
ExitProcess
DebugBreak
GetStdHandle
WriteFile
GetProcAddress
LoadLibraryA
RaiseException
IsBadWritePtr
HeapValidate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
FlushFileBuffers
ReadFile
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
HeapFree
SetUnhandledExceptionFilter
HeapAlloc
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
SetFilePointer
UnhandledExceptionFilter

user32

EnumWindows
FindWindowA
PostMessageA
CharUpperW
CharUpperA
CharLowerW
CharLowerA

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07524554b81b30d9a4824fe16d4b9ec4

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 24KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 24KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB