b8477f8d716c682d7f7af56f52d43080

Sharing

Copy URL Twitter E-mail

General

Target

b8477f8d716c682d7f7af56f52d43080
Size

1.9MB
MD5

b8477f8d716c682d7f7af56f52d43080
SHA1

366ff859042c9a44e868f084af821f0c0331bfe7
SHA256

71525aabbc12eefaa68bdd8210331c27853578b3ca53e30ffb60b27f076da5a4
SHA512

97732e18a361b632d11b5af69806828de295cf2130e452afcb4f88dfa1253ee1a6949460fbf92a24419b8053b344bd04de22e4cdb9a7cab5c9e8d117441807aa
SSDEEP

49152:Pu9oaPk3BMIivAISVPYyG8Y7zS2AOF0UQ7:m7PLvAISVPYyG8uzSx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8477f8d716c682d7f7af56f52d43080

Files

b8477f8d716c682d7f7af56f52d43080
.exe windows:4 windows x86 arch:x86

fb836ce04a245332f06be422ba1dddd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

ord24
ord75
ord41
ord11
ord31
ord9

advapi32

StartServiceCtrlDispatcherA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
DeleteService
ControlService
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
EnumServicesStatusA

gdi32

BitBlt
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetBitmapBits
GetObjectA
SelectObject

kernel32

FlushConsoleInputBuffer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
Sleep
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
ExitProcess
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
ReadFile
CloseHandle
TerminateProcess
CreateFileA
WaitNamedPipeA
CreateNamedPipeA
WriteFile
GetStdHandle
AllocConsole
FreeConsole
OutputDebugStringA
TerminateThread
CreateThread
GetModuleHandleA
OpenProcess
GetModuleFileNameA
CopyFileA
GetLastError
MultiByteToWideChar
GetTempPathA
CreateEventA
SetEvent
LockResource
SizeofResource
LoadResource
FindResourceA
GetCurrentProcess
GetCurrentThread
TransactNamedPipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
SetLastError
GetStartupInfoA

user32

ExitWindowsEx
MessageBoxA
wsprintfA

shell32

ShellExecuteA

ws2_32

ntohl
WSASocketA
setsockopt
gethostname
WSAIoctl
ntohs
gethostbyaddr
inet_ntoa
gethostbyname
ioctlsocket
getpeername
getsockname
getsockopt
recv
__WSAFDIsSet
accept
bind
listen
closesocket
socket
htons
connect
WSAGetLastError
select
WSACleanup
WSAStartup
htonl
inet_addr
recvfrom
getservbyname
shutdown
WSASetLastError
send
sendto

netapi32

NetRemoteTOD
NetScheduleJobAdd
NetUserEnum
NetShareEnum
NetApiBufferFree
NetUseDel
NetUseAdd

mpr

WNetAddConnection2A
WNetCancelConnection2A
WNetCancelConnection2W
WNetAddConnection2W

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

dnsapi

DnsQuery_A

msvcrtd

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_getch
_stat
_fileno
_strdup
_memccpy
_stricmp
signal
fputs
_controlfp
gmtime
getenv
_lrotl
_lrotr
_setmode
localtime
sscanf
__mb_cur_max
_isctype
_pctype
tolower
_iob
abort
realloc
bsearch
qsort
wcstombs
mbstowcs
wcscpy
memchr
_except_handler3
strcat
toupper
fputc
printf
perror
_errno
strerror
strtoul
time
fgets
sprintf
isdigit
malloc
fflush
__CxxFrameHandler
_chkesp
_purecall
??2@YAPAXIHPBDH@Z
atoi
??2@YAPAXI@Z
strstr
memset
fread
fseek
fclose
fopen
strncpy
strlen
_vsnprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memcpy
memmove
strcpy
strcmp
system
memcmp
fprintf
vsprintf
strncat
strchr
atof
strncmp
exit
free
_malloc_dbg
ftell
fwrite
srand
rand
_ftol
strtok
wcscat
calloc

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myufkqv
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb836ce04a245332f06be422ba1dddd1

Headers

File Characteristics

Imports

odbc32

advapi32

gdi32

kernel32

user32

shell32

ws2_32

netapi32

mpr

psapi

dnsapi

msvcrtd

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 156KB - Virtual size: 181KB

.idata Size: 8KB - Virtual size: 7KB

.myufkqv Size: 20KB - Virtual size: 19KB

Size: 12KB - Virtual size: 11KB

.reloc Size: 52KB - Virtual size: 49KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 156KB - Virtual size: 181KB

.idata
Size: 8KB - Virtual size: 7KB

.myufkqv
Size: 20KB - Virtual size: 19KB

.reloc
Size: 52KB - Virtual size: 49KB