bf58d9559f38d83adb05680652fb434e

Sharing

Copy URL Twitter E-mail

General

Target

bf58d9559f38d83adb05680652fb434e
Size

108KB
MD5

bf58d9559f38d83adb05680652fb434e
SHA1

4599f8b016b2cee0a9b71559be3410e8646080b9
SHA256

77eb23fe17c73034abcb605e92b5da6d23916a9eef76a69b82dbaa14cea278e6
SHA512

a884e21e683fa6265a5de9dcbd7a0be8f11b5bea38742f06960831ac0aa19b86ba9af97af875ef64bdce19adbb957b304c2950a4e30c2d9dc8ca24b1acce2098
SSDEEP

1536:XVSqDJm8QwZRmZHh/rO1/ZMffbl1pp/mweQNfaWYIIYMxBjRKnv:XVSymnw/ZMftp/LbRvYIHg30v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf58d9559f38d83adb05680652fb434e

Files

bf58d9559f38d83adb05680652fb434e
.exe windows:4 windows x86 arch:x86

7affbe0382d05a5cf685d54d8e160276

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
recv
send
htons
inet_addr
gethostbyname
bind
connect
closesocket
socket
setsockopt
ioctlsocket
getsockopt
WSASetLastError
select
WSAGetLastError
htonl

wininet

InternetCombineUrlA

dnsapi

DnsQuery_A
DnsRecordListFree

mfc42

ord6282
ord2763
ord4277
ord4129
ord6283
ord941
ord537
ord940
ord3438
ord2764
ord5606
ord2614
ord3938
ord5593
ord5631
ord4188
ord912
ord922
ord6663
ord6778
ord6779
ord861
ord6648
ord6877
ord4278
ord5683
ord5856
ord5830
ord3727
ord802
ord542
ord1085
ord5601
ord6569
ord5622
ord702
ord3441
ord915
ord4191
ord400
ord538
ord4202
ord926
ord924
ord858
ord939
ord823
ord5860
ord2818
ord825
ord803
ord540
ord397
ord500
ord543
ord860
ord800
ord699
ord772
ord3584
ord535

msvcrt

gmtime
srand
_mbscmp
_ftol
strstr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
asctime
memmove
realloc
_stricmp
sscanf
_mbsicmp
atol
strcpy
strcat
free
malloc
memcpy
memset
rand
time
__CxxFrameHandler
strncpy
strlen
sprintf

kernel32

InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
VirtualAlloc
VirtualFree
GetStartupInfoA
GetLocalTime
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetTickCount
CreateThread
EnterCriticalSection
GetLastError
GetCurrentProcess
CloseHandle
ResumeThread
WriteFile
CreateFileA
LeaveCriticalSection
lstrcmpA
GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualProtect
GetVolumeInformationA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitiateSystemShutdownA

ole32

StringFromCLSID
CoCreateGuid
CoTaskMemFree

Exports

Exports

_MainThreadProc@4

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7affbe0382d05a5cf685d54d8e160276

Headers

File Characteristics

Imports

ws2_32

wininet

dnsapi

mfc42

msvcrt

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB