030070a5be5a36783c18c3717d1481ac1c1e7ea67ddc3aa2ce5e2feeb0fe773b

Sharing

Copy URL Twitter E-mail

General

Target

030070a5be5a36783c18c3717d1481ac1c1e7ea67ddc3aa2ce5e2feeb0fe773b
Size

121KB
MD5

7ac323a7eae3d93d07554c9abfe04d6b
SHA1

7d1b66667690df92a2260ad16738c7783e2ad017
SHA256

030070a5be5a36783c18c3717d1481ac1c1e7ea67ddc3aa2ce5e2feeb0fe773b
SHA512

6d8a7b919f5c81df36eac6bb150ed67b7800ebe85034f72635a1ac56f9728b3e4d017499eb4d15a30c4d00dcc78df57db76369126e971e6dabce4cc19b377580
SSDEEP

3072:NhKrLymOJRuscXwyIrAICbxXBisyh5tyXY:KrLyRUDQrN6t9yMo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
030070a5be5a36783c18c3717d1481ac1c1e7ea67ddc3aa2ce5e2feeb0fe773b

Files

030070a5be5a36783c18c3717d1481ac1c1e7ea67ddc3aa2ce5e2feeb0fe773b
.exe windows:4 windows x86 arch:x86

247fc691c973f9db71662e5c5cfdc366

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCancelConnection2A

ws2_32

htons
getsockname
inet_addr
gethostbyaddr
listen
accept
send
WSAStartup
WSACleanup
inet_ntoa
ioctlsocket
connect
select
gethostname
gethostbyname
ntohs
socket
bind
WSAIoctl
recv
htonl
WSASocketA
setsockopt
sendto
closesocket

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

kernel32

HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
CreateRemoteThread
WideCharToMultiByte
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
GetCurrentProcess
VirtualAlloc
IsBadReadPtr
VirtualProtect
GetProcAddress
GetModuleHandleA
Thread32Next
CloseHandle
SuspendThread
ResumeThread
OpenThread
GetCurrentThreadId
Thread32First
WriteConsoleA
GetModuleFileNameA
CreateFileW
GetVersion
DeviceIoControl
WriteFile
CreateFileA
GetSystemDirectoryA
DeleteFileA
Sleep
GetTickCount
CreateThread
FreeLibrary
LoadLibraryA
CopyFileA
MultiByteToWideChar
GetLocalTime
GetLastError
CreateMutexA
GetTempPathA
CreateProcessA
TerminateThread
GetVersionExA
GlobalMemoryStatus
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FlushViewOfFile
MoveFileA
Process32Next
lstrcmpiA
Process32First
VirtualFree
GetEnvironmentVariableA
GlobalFree
LoadLibraryExA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetEndOfFile
ReadFile
CreateToolhelp32Snapshot
GlobalAlloc
SetLastError
TlsFree
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue

user32

MessageBoxW
wsprintfA
MessageBoxA

advapi32

RegCloseKey
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyA

shell32

ShellExecuteA

ntdll

RtlUnwind
NtQuerySystemInformation

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

247fc691c973f9db71662e5c5cfdc366

Headers

File Characteristics

Imports

mpr

ws2_32

wininet

kernel32

user32

advapi32

shell32

ntdll

Sections

.text Size: 111KB - Virtual size: 110KB

.data Size: 9KB - Virtual size: 134KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 111KB - Virtual size: 110KB

.data
Size: 9KB - Virtual size: 134KB

.rsrc
Size: 512B - Virtual size: 176B