a34d81e3f85ce388da72e8ed613fa281

Sharing

Copy URL Twitter E-mail

General

Target

a34d81e3f85ce388da72e8ed613fa281
Size

304KB
MD5

a34d81e3f85ce388da72e8ed613fa281
SHA1

6caa1861e51b213f10cfbb6f3fa735e82d59cb6c
SHA256

144b0a3af0585fcda76d5c5dc3900795f2b3d654ca2c01316b12976038029dd3
SHA512

b06863141d2543fc72c08494c772853511d3bae4ae0edcf5fd7bff9c358d96b6e08042600603dd6ec3c13f62162f14fac7e7d7bc74f2252fbf1c1574a9395783
SSDEEP

6144:6BT909o9VhT/lvmTBpp6OWPA4OlbOWFauuDmLtTZ3fDO3n6jT:8amlvmTX5uDmpZ3fa3nY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a34d81e3f85ce388da72e8ed613fa281

Files

a34d81e3f85ce388da72e8ed613fa281
.exe windows:4 windows x86 arch:x86

687950a4290b8440aa2bef617b88289e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\dontpanic\Desktop\MaCode(han2)_183\publish\PsychMaker(win7).pdb

Imports

winmm

timeGetTime

wsock32

getpeername
connect
select
htons
setsockopt
recv
socket
closesocket
send
ioctlsocket
inet_addr
WSAStartup
gethostbyname
getsockname

kernel32

LoadResource
GetCurrentProcess
Process32First
OpenProcess
SizeofResource
TerminateProcess
ReadFile
Process32Next
LockResource
QueryFullProcessImageNameA
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
ExitProcess
WideCharToMultiByte
Sleep
MultiByteToWideChar
InterlockedExchange
GetLastError
FreeConsole
CreateProcessA
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalMemoryStatus
MoveFileExA
WritePrivateProfileStringA
GetSystemInfo
GetCurrentThreadId
GetVersionExA
DeleteFileA
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
SetFilePointer
GetOEMCP
GetACP
FreeEnvironmentStringsA
GetCPInfo
GetFileType
SetHandleCount
GetStdHandle
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetConsoleMode
GetConsoleCP
WriteFile
RtlUnwind
RaiseException
HeapSize
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
FreeResource
FindResourceA
GetFileSize
CreateFileA
LoadLibraryA
SetFileAttributesA
CopyFileA
GetProcAddress
GetSystemDirectoryA
FreeLibrary
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
GetStartupInfoA
SetEndOfFile
GetComputerNameA
GetThreadLocale
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
GetCommandLineA

user32

SetProcessWindowStation
OpenDesktopA
GetThreadDesktop
GetProcessWindowStation
wsprintfA
CloseDesktop
OpenWindowStationA
SwitchDesktop
SetThreadDesktop
FindWindowA
TranslateMessage
PeekMessageA
DispatchMessageA
ClientToScreen
FillRect
GetClientRect
GetDC
GetSystemMetrics
FindWindowW

gdi32

SelectObject
DeleteObject
GetStockObject

advapi32

RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
OpenServiceA
RegOpenKeyExW
GetUserNameA
RegDeleteValueA
RegCloseKey
OpenSCManagerA
SetServiceStatus
RegCreateKeyA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
DeleteService
OpenProcessToken

shell32

ShellExecuteA

Exports

Exports

InstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

687950a4290b8440aa2bef617b88289e

Headers

File Characteristics

PDB Paths

Imports

winmm

wsock32

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 144KB - Virtual size: 143KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 144KB - Virtual size: 143KB