ad20bfb4318f42f954dad337030592eb

Sharing

Copy URL

Twitter E-mail

General

Target

ad20bfb4318f42f954dad337030592eb
Size

188KB
MD5

ad20bfb4318f42f954dad337030592eb
SHA1

539e517cee5c1348f4299a73d31905491b80727c
SHA256

7bf3db7eed3812d548af3077ecaadca8d7c0078407ea644ccfa42147cfa73fe8
SHA512

c169134e89645443fe9f0cc17e140935c1af278c07d2d3a550e795fa838a5555dace5ff03e636c169b466e3b93fc9f34156c1ac615ba5910bdfbf5594e888514
SSDEEP

3072:HlyXRCjSSgFs64FsX7FJKwP3GcZ7gPGaEMMWc/0M8vYCLfsoqIkUc:FCRCjSXC64FsrFL3GWgut90VQGfW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad20bfb4318f42f954dad337030592eb

Files

ad20bfb4318f42f954dad337030592eb
.exe windows:4 windows x86 arch:x86

a302d9446f0f58a371fb26cf0728a065

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

socket
connect
getsockopt
gethostbyname
closesocket
WSAStartup
WSACleanup
send
recv
htons

shlwapi

SHDeleteKeyA

comctl32

_TrackMouseEvent

kernel32

CreateMutexA
GetLocalTime
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
GetVersionExA
GetModuleFileNameA
CreateProcessA
FormatMessageA
GetLastError
GetCommandLineA
IsBadReadPtr
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WaitForSingleObject
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
WriteFile
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
WideCharToMultiByte
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
ReleaseMutex
CreateFileA
ReadFile
CloseHandle
WinExec
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
QueryPerformanceCounter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
GetStartupInfoA
HeapAlloc
ExitProcess
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapFree
GetFileAttributesA
DeleteFileA
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA

user32

LoadImageA
PostMessageA
SetWindowRgn
CreateWindowExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
RegisterClassExA
RedrawWindow
BeginPaint
GetClientRect
FillRect
EndPaint
DefWindowProcA
SetWindowPos
GetSystemMetrics
LoadCursorA
DestroyCursor
KillTimer
SetTimer
SetCursor
ShowWindow
GetDC
ReleaseDC
SystemParametersInfoA

gdi32

SetBkMode
CreateCompatibleDC
SelectObject
PtInRegion
CreateCompatibleBitmap
GetObjectA
BitBlt
SetBkColor
SetTextColor
DeleteDC
GetDeviceCaps
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
DeleteObject
CreateBitmap

advapi32

RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

StringFromGUID2
CoCreateGuid

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a302d9446f0f58a371fb26cf0728a065

Headers

File Characteristics

Imports

wsock32

shlwapi

comctl32

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 75KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 75KB

.rsrc
Size: 4KB - Virtual size: 2KB