Static task: static1
Behavioral task: behavioral1
  Sample: ab9874733013daf1ffd58356b3839f11.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ab9874733013daf1ffd58356b3839f11.exe
  Resource: win10v2004-20240226-en
General
Target: ab9874733013daf1ffd58356b3839f11
Size: 210KB
MD5: ab9874733013daf1ffd58356b3839f11
SHA1: 5935d3c5bbf671c614aa43df6d73bc7a34435e87
SHA256: cb8a854c6cb22cdc339a5540ae55a7c874b3635d8f0126d2052ee7ec21203b22
SHA512: 23f994fd6897c798809d30778c5a2ba1152f5c3ff7d4770d45eb3aac1e2be887697dc57acd5f0a60a8a24df9e128cdbc3982721eb6695ad2c9149b22757517ca
SSDEEP: 6144:fBIpCAyGQdRbH5+IRIWKuJ4JweEz54w+1:7VRnTnV4f
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: ab9874733013daf1ffd58356b3839f11
Files
ab9874733013daf1ffd58356b3839f11.exe (windows:4, windows x86, arch:x86)
77e861360754922ea6f178820d1e1d7d
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
ReadConsoleInputW
GetProfileStringW
GetVolumeInformationW
ReadConsoleA
GetWriteWatch
GetDiskFreeSpaceA
CreateMailslotW
GetProfileIntA
DosDateTimeToFileTime
CreateMutexW
CreateDirectoryW
FormatMessageW
FindAtomA
DeleteFiber
GetSystemTime
GetFileTime
GetPrivateProfileStringW
GetSystemInfo
GetVersion
FindFirstFileA
SetConsoleCtrlHandler
OpenProcess
OpenFileMappingW
SetConsoleWindowInfo
GetCalendarInfoA
GlobalFlags
LockFile
GetDiskFreeSpaceExW
SetConsoleCursorInfo
VirtualAllocEx
VirtualLock
CreateThread
GetComputerNameW
VirtualFreeEx
DeleteCriticalSection
OpenWaitableTimerW
GetConsoleCursorInfo
wsock32
ord1140
WSACancelBlockingCall
WSAAsyncGetHostByAddr
ord1113
ord1141
WSAUnhookBlockingHook
getprotobyname
ord1107
getprotobynumber
select
ord1115
getservbyport
getservbyname
ord1104
getsockopt
getsockname
ntohs
setsockopt
ord1109
htonl
ord1111
bind
ord1130
ord1120
WSAAsyncGetProtoByName
accept
Sections
.text  Size: 104KB - Virtual size: 103KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data  Size: 105KB - Virtual size: 105KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE