b4c8cb015a10690a18c428f298a6fb3f

Sharing

Copy URL

Twitter E-mail

General

Target

b4c8cb015a10690a18c428f298a6fb3f
Size

324KB
MD5

b4c8cb015a10690a18c428f298a6fb3f
SHA1

7c5a4fc55c708d20b03fb307a291a0cf6c454e91
SHA256

b08a5ca4233fd7e6c72891e3491c0d864d4467c9a58ea151abd501b5119eec8e
SHA512

91766cdaf252a427b42b8ccd57d78436b476ba89ab92ab040e5ebe59c209b7ad2488a0860f036c06e48e09153561b29fbc34fb23a7b292e9f3f982680aaaef92
SSDEEP

6144:9dYq0a08wh8sRdNXvR2SQkY+m5MnZahlom3LKmKyQYFin8zhsRd:7ZsRvXvISMSCdKMI8za

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4c8cb015a10690a18c428f298a6fb3f

Files

b4c8cb015a10690a18c428f298a6fb3f
.exe windows:4 windows x86 arch:x86

f80212d34d32326a939ab15c8d909114

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
sprintf
isdigit
calloc
printf
__CxxFrameHandler
perror
_errno
strerror
fflush
wcstombs
mbstowcs
wcscpy
memchr
_except_handler3
fprintf
strcat
sscanf
fputc
wcscat
strtok
_ftol
rand
_memccpy
__p__commode
srand
fwrite
fseek
ftell
malloc
free
exit
strncmp
atof
strchr
strncat
memcmp
system
atoi
strcpy
fgets
fopen
fread
strcmp
fclose
memmove
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_vsnprintf
strlen
strncpy
memcpy
memset
strstr
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_EH_prolog
__p__fmode
__set_app_type
_controlfp
_stricmp
_strdup

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

kernel32

GetStartupInfoA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
TransactNamedPipe
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThread
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CreateEventA
MoveFileA
CreateDirectoryA
RemoveDirectoryA
GetTempPathA
MultiByteToWideChar
GetLastError
CopyFileA
GetModuleFileNameA
OpenProcess
GetModuleHandleA
CreateThread
TerminateThread
FreeConsole
AllocConsole
GetStdHandle
CreateNamedPipeA
WaitNamedPipeA
TerminateProcess
GlobalMemoryStatus
GetVersionExA
GetTickCount
Sleep
ReadFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalFree
WriteFile
GlobalAlloc
DeleteFileA
ExitProcess
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
GetComputerNameA

user32

ExitWindowsEx
wsprintfA
ReleaseDC

advapi32

StartServiceCtrlDispatcherA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
DeleteService
ControlService
EnumServicesStatusA
RegQueryValueExA
OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegDeleteValueA

shell32

ShellExecuteA

ws2_32

WSAStartup
socket
htons
bind
listen
gethostbyname
WSACleanup
ntohl
select
__WSAFDIsSet
WSAGetLastError
connect
closesocket
accept
shutdown
recvfrom
getsockopt
WSASocketA
setsockopt
htonl
sendto
send
recv
inet_addr
gethostname
WSAIoctl
gethostbyaddr
inet_ntoa
ioctlsocket
ntohs
getpeername
getsockname

netapi32

NetRemoteTOD
NetScheduleJobAdd
NetUserEnum
NetShareEnum
NetApiBufferFree
NetUseDel
NetUseAdd

mpr

WNetAddConnection2A
WNetCancelConnection2W
WNetCancelConnection2A
WNetAddConnection2W

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

dnsapi

DnsQuery_A

odbc32

ord75
ord41
ord24
ord9
ord31
ord11

gdi32

BitBlt
GetDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tcfgnbb
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f80212d34d32326a939ab15c8d909114

Headers

File Characteristics

Imports

msvcrt

msvcp60

kernel32

user32

advapi32

shell32

ws2_32

netapi32

mpr

psapi

dnsapi

odbc32

gdi32

Sections

.text Size: 208KB - Virtual size: 206KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 56KB - Virtual size: 70KB

.tcfgnbb Size: 16KB - Virtual size: 16KB

Size: 12KB - Virtual size: 9KB

.text
Size: 208KB - Virtual size: 206KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 56KB - Virtual size: 70KB

.tcfgnbb
Size: 16KB - Virtual size: 16KB