beca36f1d8275098f1489d1480e6056f

Sharing

Copy URL

Twitter E-mail

General

Target

beca36f1d8275098f1489d1480e6056f
Size

72KB
MD5

beca36f1d8275098f1489d1480e6056f
SHA1

2aeee112a0fc69815dda882dc937080d7644df2e
SHA256

9eb6ff80a313cefeb9cf73dec7186500fc72b19839ccaed1dd693f5e5be0df00
SHA512

f4d91293778a6e369bebc700ed69222d067f6ef3f9bdb269b58d33194ff00420a92b5a8ff3ec0a788c73601e031199b4fbd456dc9e1ddc95b8de2341407af7f4
SSDEEP

768:AHDHWu8424jMp44+lS8ZHdJL3vdp3kWKP4yQAlvxNPzk54b2bi9tvHZ:S2fp4jMp4jPHf1eP46PzKb+tv5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beca36f1d8275098f1489d1480e6056f

Files

beca36f1d8275098f1489d1480e6056f
.exe windows:4 windows x86 arch:x86

e37867b13edfe9d9759372493835980c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetTickCount
GetFileAttributesA
Sleep
lstrcmpA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
DeleteFileA
GetSystemDirectoryA
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
CopyFileA
GetModuleFileNameA
Process32First
GetStartupInfoA
GlobalAlloc
TerminateProcess
GetProcAddress
LoadLibraryA
TerminateThread
CreateThread
FlushFileBuffers
Process32Next
OpenProcess
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
WriteFile
CloseHandle
CreateFileA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP

user32

GetDesktopWindow
wsprintfA
MessageBoxA

advapi32

CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA

shell32

ShellExecuteA

ws2_32

recv
socket
sendto
WSAStartup
WSASocketA
WSACleanup
gethostbyname
htons
inet_ntoa
WSAConnect
inet_addr
setsockopt
send

iphlpapi

GetNetworkParams

urlmon

URLDownloadToFileA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e37867b13edfe9d9759372493835980c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

urlmon

Sections

.text Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B