aa07ee7958b29074d31d4909bf23344e

Sharing

Copy URL Twitter E-mail

General

Target

aa07ee7958b29074d31d4909bf23344e
Size

792KB
MD5

aa07ee7958b29074d31d4909bf23344e
SHA1

fb04b5047ced0abe4580e91be8fe970cdcdd3718
SHA256

f00461ae03263858a9b26eda2c7b0ec18f3ceaf81a035cfe22412fc465f7775c
SHA512

0933e5501d4a7040438339aca41da551ffbc4ab2c4538512e1c5fcc4ff139ac1712e3f045b437aa0d0b6c2d5cb25cbcc5d9e4d6ae18a63196dad4ed2bff0e784
SSDEEP

12288:R3pv3RnItdGFLw3lsrqRBkFHgHs/ZmD11pX+3OoxHkCUteol:ppv3RqlSHg3J1t+3OoxHkCUteo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa07ee7958b29074d31d4909bf23344e

Files

aa07ee7958b29074d31d4909bf23344e
.exe windows:4 windows x86 arch:x86

0e04b568d7cf3afd5fe16fa6124cfcda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_stricmp
_XcptFilter
_exit
_onexit
__dllonexit
isalpha
wcscmp
_controlfp
wcscat
wcslen
islower
isupper
isalnum
_strrev
swprintf
fprintf
wcsncpy
_local_unwind2
_except_handler3
_ultoa
_endthreadex
malloc
fopen
fgets
fclose
toupper
??3@YAXPAX@Z
asctime
_strdup
localtime
_itoa
isdigit
strchr
free
wcscpy
printf
strncmp
atoi
exit
_wcsicmp
_wtoi
_beginthreadex
strcmp
memset
srand
strcat
remove
strtok
strstr
strncpy
vsprintf
rand
strlen
strcpy
??2@YAPAXI@Z
memcpy
_beginthread
_iob
fflush
sprintf

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

ws2_32

listen
bind
gethostbyaddr
WSAStartup
WSACleanup
WSASocketW
inet_addr
htons
socket
ioctlsocket
connect
select
send
recv
closesocket
gethostbyname
inet_ntoa
getsockname
WSAGetLastError
gethostname
accept

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlW
HttpSendRequestW
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA

netapi32

NetServerGetInfo
NetShareAdd
NetRemoteTOD
NetServerDiskEnum
NetUserEnum
NetApiBufferFree
NetUserGetInfo

advapi32

GetUserNameW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
QueryServiceStatus
ControlService
OpenServiceA
CloseServiceHandle
OpenSCManagerW
StartServiceW
DeleteService
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
GetSidSubAuthority
LookupAccountNameW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
OpenEventLogW
RegCloseKey

mpr

WNetCancelConnectionW
WNetAddConnection2W
WNetOpenEnumW

user32

ExitWindowsEx
wsprintfW

odbc32

ord75
ord24
ord141
ord31

kernel32

GetModuleHandleW
GetModuleFileNameA
ReleaseMutex
CreateMutexA
GetTempPathA
SetCurrentDirectoryA
CopyFileA
CloseHandle
WriteFile
CreateFileA
GetSystemDirectoryA
SizeofResource
GetLastError
LockResource
LoadResource
FindResourceA
GetModuleHandleA
SleepEx
GetTickCount
Sleep
GetProcAddress
LoadLibraryA
SetPriorityClass
OpenProcess
GetCurrentProcessId
DeleteFileA
FreeLibrary
ExitProcess
GetCurrentThreadId
TerminateThread
CreateThread
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExA
GetDriveTypeA
GetComputerNameA
GetVersionExW
GlobalMemoryStatus
GetSystemInfo
WaitForSingleObject
ExpandEnvironmentStringsA
lstrlenA
TerminateProcess
GetStdHandle
LocalFree
FormatMessageW
GetStartupInfoA
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleCursorPosition
GetDiskFreeSpaceExW
SetConsoleTitleA
WideCharToMultiByte
OpenSemaphoreA
ReleaseSemaphore
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateProcessA
CreateSemaphoreA
CreateEventW
ResetEvent
InitializeCriticalSection
SetConsoleCtrlHandler
lstrcatA
FreeConsole
GetCurrentProcess

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 688KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e04b568d7cf3afd5fe16fa6124cfcda

Headers

File Characteristics

Imports

msvcrt

msvcp60

psapi

ws2_32

shell32

wininet

netapi32

advapi32

mpr

user32

odbc32

kernel32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 11.6MB

.rsrc Size: 688KB - Virtual size: 684KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 11.6MB

.rsrc
Size: 688KB - Virtual size: 684KB