a202d31f2d10e7af324f8028e49712b4

Sharing

Copy URL Twitter E-mail

General

Target

a202d31f2d10e7af324f8028e49712b4
Size

52KB
MD5

a202d31f2d10e7af324f8028e49712b4
SHA1

a87a072566a9a6b23fac25dac51055c73d1572ae
SHA256

7df0e25b54ef91bb517a1d7d7b246f47d0a979651eef59e70a870b06b59da58e
SHA512

95f3f1c7ee2e76c21c156246f88420524ef3452a7016d0ae2acd55f0b02abe36f81cad43615e25aa5397af4316367c58aff1ba36f565fa7e025cddb32a65c90d
SSDEEP

768:2vdhVF8srzKrIEwRLbBLfMrpBKDb3Ue+noyJoUE5XFzu:2FVFr+rIEUSBKDb3UboSoUE5X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a202d31f2d10e7af324f8028e49712b4

Files

a202d31f2d10e7af324f8028e49712b4
.exe windows:4 windows x86 arch:x86

6f61b51a0f37668544ab7071108c56bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CopyFileA
GetModuleHandleA
GetVersionExA
LoadLibraryA
lstrcpyA
GetComputerNameA
GetSystemInfo
Sleep
GetCurrentProcess
CloseHandle
GetModuleFileNameA
GetSystemDirectoryA
GetTickCount
GetLastError
GetFileType
WriteFile
WideCharToMultiByte
RtlUnwind
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetStdHandle
TerminateProcess
SetFilePointer
ReadFile
SetHandleCount
HeapReAlloc
SetEndOfFile
HeapFree
VirtualFree
VirtualAlloc
MultiByteToWideChar
GetCommandLineA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
HeapAlloc
HeapDestroy
HeapCreate
GetEnvironmentStringsW
GetEnvironmentStrings
ExitProcess
GetVersion
CreateFileA
GetStartupInfoA

user32

IsWindowVisible
TranslateMessage
GetForegroundWindow
DispatchMessageA
LoadAcceleratorsA
TranslateAcceleratorA
GetMessageA
ExitWindowsEx
SetTimer
CreateDialogParamA
PostMessageA
SetForegroundWindow
KillTimer
MessageBoxA
PostQuitMessage
GetWindow
GetDesktopWindow
GetWindowTextA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA

shell32

ShellExecuteA

wsock32

connect
WSAStartup
gethostbyname
getprotobyname
socket
htons
WSAAsyncSelect
WSACleanup
getsockname
closesocket
sendto
recv

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f61b51a0f37668544ab7071108c56bd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wsock32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 8KB