bb695eded8ed1360d91c2a43b9a0d7dd

Sharing

Copy URL Twitter E-mail

General

Target

bb695eded8ed1360d91c2a43b9a0d7dd
Size

977KB
MD5

bb695eded8ed1360d91c2a43b9a0d7dd
SHA1

8b2a59a5377ffc68905643e89bfe9b60ae19cbe3
SHA256

7ecf9c7ffffe0e9730d651b521aa5f7b84c68dc1330a21c0ad33535f7404c29c
SHA512

51805e73d793376c314309fddabc82a3088417a936e9bebd29c32b2a9d14b5e479f830ed60fba0494a41debc04ff91070f3a7fb814e491acc3cfd44928b33090
SSDEEP

24576:9LjXyJWWud2WxgyAMeSY4mCziPN4w30I:9LjFNxgQmC2N4wn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb695eded8ed1360d91c2a43b9a0d7dd

Files

bb695eded8ed1360d91c2a43b9a0d7dd
.exe windows:5 windows x86 arch:x86

38aac4809bd7c8989dbae45bd5b50316

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
WSAIoctl
WSACreateEvent
WSAEventSelect

advapi32

OpenProcessToken
RegCreateKeyExW
OpenThreadToken
RegSetValueExW
RegOpenKeyW
ConvertSidToStringSidA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTokenInformation

shell32

Shell_NotifyIconW
ShellExecuteA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

sensapi

IsNetworkAlive

shlwapi

StrCmpNA

wininet

InternetSetOptionA
HttpSendRequestA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetConnectA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpQueryInfoA
HttpEndRequestA
InternetCloseHandle
HttpOpenRequestA

user32

GetCursorPos
TrackPopupMenu
LoadImageW
DestroyMenu
DestroyWindow
InsertMenuW
PostQuitMessage
RegisterClassW
CallWindowProcA
SetForegroundWindow
GetPropW
SetPropW
DefWindowProcA
CreateWindowExW
PostMessageA
CreatePopupMenu
DispatchMessageA
TranslateMessage
InsertMenuItemW
GetMessageA
LoadStringW
GetSystemMetrics

kernel32

GetLocalTime
FindClose
DeleteCriticalSection
ReadFile
GetUserDefaultLCID
WriteFile
SwitchToThread
TlsGetValue
GetModuleFileNameW
EnterCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoA
SetFilePointer
DeleteFileW
GlobalAddAtomA
CloseHandle
SetEndOfFile
CreateThread
SetEvent
GetFullPathNameW
ReleaseSemaphore
TlsFree
MoveFileW
WaitForSingleObject
CreateSemaphoreA
GetFileInformationByHandle
FindFirstFileW
LeaveCriticalSection
GetDriveTypeW
TlsAlloc
GetLastError
Sleep
TlsSetValue

ole32

CoTaskMemFree
CoCreateInstance

tapi32

lineSetAgentState
lineAccept

Sections

.text
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38aac4809bd7c8989dbae45bd5b50316

Headers

File Characteristics

Imports

ws2_32

advapi32

shell32

sensapi

shlwapi

wininet

user32

kernel32

ole32

tapi32

Sections

.text Size: 622KB - Virtual size: 621KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 319KB - Virtual size: 3.6MB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 622KB - Virtual size: 621KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 319KB - Virtual size: 3.6MB

.rsrc
Size: 32KB - Virtual size: 31KB