a16e41efe557b33754613ef49c2d63a0

Sharing

Copy URL Twitter E-mail

General

Target

a16e41efe557b33754613ef49c2d63a0
Size

325KB
MD5

a16e41efe557b33754613ef49c2d63a0
SHA1

f26cc94b26f9a06111df518da4918a00f0a1b2cc
SHA256

cb88c7f3179c06cdc92c324f42fb8b6de8ebfb3633889cc6e5921dbdd9198822
SHA512

73c51d93ef7059e95ea092d5b54489c3efc63ea70fef9f1d2369b79b319ccbaf43a2026a8321a13dc2db96e85fb9e9b476d5e005a4f5601a5cac3153c7d3a197
SSDEEP

6144:BqvF8xnr43hpy4zkX8SPlDnDVraL/MgNfU6cEJXBsZkGLVmlFDm:BqYcp9oZVr0RfjcE7sZkGBml8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a16e41efe557b33754613ef49c2d63a0

Files

a16e41efe557b33754613ef49c2d63a0
.exe windows:5 windows x86 arch:x86

a8bd4ad0401ae03a4720d00014ab0a7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DelayLoadFailureHook
LocalReAlloc
LeaveCriticalSection
GlobalLock
FindFirstFileW
WideCharToMultiByte
FreeResource
lstrcmpW
LocalFree
FormatMessageW
CreateFileW
GetCurrentProcessId
CloseHandle
FreeLibraryAndExitThread
EnterCriticalSection
GlobalReAlloc
MulDiv
GetTickCount
InitializeCriticalSectionAndSpinCount
LoadResource
FindClose
FindResourceW
GetVolumeInformationW
GetSystemDefaultUILanguage
GetShortPathNameW
GlobalAlloc
LockResource
GetFileAttributesW
TlsSetValue
GetUserDefaultLCID
DeleteFileW
ResetEvent
GetSystemTimeAsFileTime
TlsAlloc
GetProcAddress
GetLocaleInfoW
TerminateProcess
TlsGetValue
GetProcessVersion
GetTempFileNameW
SetLastError
GetCurrentProcess
ExpandEnvironmentStringsW
InterlockedExchange
InterlockedDecrement
lstrlenW
lstrcpyA
GetVersionExA
SetErrorMode
MultiByteToWideChar
LocalAlloc
GlobalUnlock
GetCurrentThreadId
WaitForSingleObject
GetACP
SetCurrentDirectoryW
InterlockedIncrement
DisableThreadLibraryCalls
GetProfileStringW
GetModuleHandleA
lstrcmpiW
LocalSize
QueryPerformanceCounter
GlobalFree
FreeLibrary
GetLastError
lstrcpyW
LoadLibraryW
TlsFree
FindResourceA
GetDriveTypeW
FindNextFileW
SetEvent
FindResourceExW
CreateThread
InterlockedCompareExchange
lstrcpynW
GetFullPathNameW
SetUnhandledExceptionFilter
DeleteCriticalSection
UnhandledExceptionFilter
lstrlenA
GetModuleHandleW
GetCurrentDirectoryW
CreateEventW
SizeofResource
LoadLibraryA
GetModuleFileNameW

gdi32

RealizePalette
GetMapMode
SelectObject
SetViewportExtEx
LineTo
GetTextMetricsW
CreateSolidBrush
GetTextCharsetInfo
GetNearestColor
GetTextCharset

dnsapi

DnsReplaceRecordSetW

ntdll

_wcsicmp
RtlUnwind
wcslen
_chkstk
NtQueryVirtualMemory
NtAllocateVirtualMemory
memmove
RtlIsNameLegalDOS8Dot3
RtlInitUnicodeStringEx
_vsnwprintf
RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString

mswsock

GetAcceptExSockaddrs
AcceptEx

userenv

RsopFileAccessCheck

rpcrt4

RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcEpResolveBinding
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8bd4ad0401ae03a4720d00014ab0a7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

dnsapi

ntdll

mswsock

userenv

rpcrt4

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 196KB - Virtual size: 196KB

.rsrc Size: 116KB - Virtual size: 115KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 196KB - Virtual size: 196KB

.rsrc
Size: 116KB - Virtual size: 115KB

.tls
Size: 512B - Virtual size: 4KB