f:\SecurityProg\kgg\ManualMap\ManualMapMainNew\bin\Main.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a43c00a1d85370cd70434e8b73e06d76.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a43c00a1d85370cd70434e8b73e06d76.exe
Resource
win10v2004-20240221-en
General
Target
a43c00a1d85370cd70434e8b73e06d76
Size
172KB
MD5
a43c00a1d85370cd70434e8b73e06d76
SHA1
037bf150b51548c6994fee70a32e9f1e4b71fa51
SHA256
e6db11ff58a8bf023a1399b643b0b29879fc083199eda797b43f87a1545e8efc
SHA512
99325fb120d47f17a5a43839efe64d2d1f5a620f2e2acd5c7854404d5fcb30efa60f566fd121efdad24b4aea6902e3388ce8ef50c43d26e9524baf4eb89f60e1
SSDEEP
3072:nN8yFyaBmUOGUN9M6NiyBX1EtTm6rGDxyPgAAmrYhMTp5dq:nN9FyaB0/BXWJm6KDxyPdDhq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a43c00a1d85370cd70434e8b73e06d76
Files
a43c00a1d85370cd70434e8b73e06d76.exe windows:5 windows x86 arch:x86
f5b96233c6407708b718a838577df4bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSAStartup
inet_ntoa
gethostbyname
WSACleanup
gethostname
kernel32
LoadLibraryA
GetSystemDirectoryA
CloseHandle
CreateFileA
GetFileSize
Sleep
VirtualFreeEx
CreateRemoteThread
GetCurrentProcess
GetLastError
OpenMutexA
CopyFileA
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
SetFileAttributesA
GetTempFileNameA
GetSystemTime
GetModuleHandleA
GetModuleFileNameA
GetTempPathA
ExitProcess
CreateMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleW
OpenProcess
VirtualAllocEx
VirtualProtect
GetProcAddress
VirtualProtectEx
LoadLibraryExA
Module32Next
Module32First
SizeofResource
LockResource
LoadResource
FindResourceA
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
lstrlenA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeA
GetVersionExA
GetSystemInfo
GetConsoleMode
InitializeCriticalSectionAndSpinCount
WriteProcessMemory
GetLocaleInfoA
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStringTypeW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
DeleteFileA
MultiByteToWideChar
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
user32
MessageBoxA
GetKeyState
GetWindowThreadProcessId
GetDesktopWindow
SetWindowsHookExA
SetTimer
GetMessageA
DispatchMessageA
GetKeyboardLayout
MapVirtualKeyExA
GetKeyboardState
ToUnicodeEx
CallNextHookEx
GetForegroundWindow
advapi32
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
ole32
CoInitialize
CoCreateInstance
oleaut32
VariantClear
SysAllocString
shlwapi
StrStrIA
Sections
.text Size: 135KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ