b75f42fa11d9178279a7262ff9360511

Sharing

Copy URL

Twitter E-mail

General

Target

b75f42fa11d9178279a7262ff9360511
Size

157KB
MD5

b75f42fa11d9178279a7262ff9360511
SHA1

65e1c56defb2c7f6886dee3c503ba98c84f30f38
SHA256

75fc1f4ad2be9f3d5422220f9b03e6da2a9b36afff4b90d6fb8714495665740b
SHA512

0859084aeff1e8f030bd6b9676aae7a6914240967b82e7c90a57cd3c19188caf4f173cb2d31249569d24c30358e18beba9f632f0458a43a589784b0cdd3869fb
SSDEEP

3072:Z+VRAmaBrvXDTUuPVhGIQRSnznDF6UW3u4NVlRINRV1RkWs:ZCYBrvvh/GIQgnnFxquMlWNxRM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b75f42fa11d9178279a7262ff9360511

Files

b75f42fa11d9178279a7262ff9360511
.exe windows:1 windows x86 arch:x86

588ceeb45a2d8b29c54e337226af43ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

CloseHandle
WriteFile
GetSystemDirectoryA
QueryWin31IniFilesMappedToRegistry
GetProcAddress
GetSystemDefaultLCID
FindFirstFileA
FoldStringA
GetModuleHandleA
GetTickCount
GetCurrentProcess
GetModuleFileNameA
FindNextChangeNotification
FindNextFileA
FindClose
GetLocaleInfoA
CreateDirectoryA
WaitForMultipleObjectsEx
CreateFileW
ReadFile
EnterCriticalSection
DeleteFileW
OpenProcess
GetLastError
Sleep
lstrcpyA
LeaveCriticalSection
GetFileSizeEx
DeleteFileA
CopyFileA
WriteConsoleOutputW
VirtualAlloc
lstrcatA
GetEnvironmentVariableA
SetLastError
lstrcpyW
WaitNamedPipeA
GetWindowsDirectoryA
OpenFileMappingA
SetConsoleIcon
BeginUpdateResourceW
CreateSemaphoreA
FindFirstVolumeMountPointA
ReadConsoleOutputA
GetSystemDirectoryW
GetOEMCP
VirtualFree
lstrcatW
DuplicateHandle
CreateFileA
InitializeCriticalSection
IsBadHugeReadPtr
SetHandleInformation
BuildCommDCBAndTimeoutsA
lstrlenA

advapi32

AdjustTokenPrivileges
AccessCheck
EnumServicesStatusA
BackupEventLogA
LsaSetDomainInformationPolicy
RegOpenKeyA
GetTrusteeNameA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
CloseServiceHandle
OpenSCManagerA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
CloseEncryptedFileRaw

ntdll

vsprintf
memset
_chkstk
sprintf
ZwLoadDriver
wcsstr
strlen
tolower
RtlFreeUnicodeString
strstr
isspace
RtlInitAnsiString
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
strncmp
memcpy
NtQueryObject
isdigit

psapi

GetProcessImageFileNameA
EnumProcesses

ws2_32

WSAStartup
closesocket
WSAAsyncGetProtoByNumber
connect
recv
WSAAsyncSelect
socket
WSANtohl
WSAGetLastError
gethostbyname
select
getsockopt
htons
__WSAFDIsSet
send
htonl

ole32

CoCreateGuid

user32

CharLowerW
ExitWindowsEx
FindWindowA

Sections

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 407B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

588ceeb45a2d8b29c54e337226af43ea

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

ntdll

psapi

ws2_32

ole32

user32

Sections

.data Size: 21KB - Virtual size: 20KB

.text Size: 512B - Virtual size: 407B

.idata Size: 3KB - Virtual size: 2KB

.data
Size: 21KB - Virtual size: 20KB

.text
Size: 512B - Virtual size: 407B

.idata
Size: 3KB - Virtual size: 2KB