c2c4a781871afd02f2aff735390be9f4

Sharing

Copy URL Twitter E-mail

General

Target

c2c4a781871afd02f2aff735390be9f4
Size

84KB
MD5

c2c4a781871afd02f2aff735390be9f4
SHA1

35b5763b3caf9489b2afd32f63b3e44d1bc13e78
SHA256

89badafeffb03b7bdaabf0845b5eacafa30c9dcae8a9eb6d71197824c74d9062
SHA512

f40958361afa843fb386b3e5a180abcc4d45c9e349300f2dc746cc7d2694a5f646e67c9d038ed866470c494d118b56661d88addff20d1f5fb3016959d9a3d477
SSDEEP

1536:qHMSSV1wJ3W5JObGdQIfnTjlU5T9RpDaZumBo/JJNqm4R6kcnA:qHMe0JOAfT5UbhaImBoxqR6kgA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2c4a781871afd02f2aff735390be9f4

Files

c2c4a781871afd02f2aff735390be9f4
.exe windows:4 windows x86 arch:x86

7a24ce31a3c6285d885e38f0a941998b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenA
GetLastError
SetFileAttributesA
CopyFileA
GetModuleFileNameA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
Sleep
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
ExitThread
GetCurrentProcessId
GetTickCount
HeapAlloc
GetProcessHeap
TerminateThread
CreateThread
SetLocalTime
GetModuleHandleA
GetStartupInfoA
GetVersionExA
GlobalMemoryStatus
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GlobalFree
CreateFileA
GetFileTime
WriteFile
SetFileTime
CloseHandle
lstrcatA
GetSystemDirectoryA

user32

wsprintfA

advapi32

DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyExA
StartServiceCtrlDispatcherA
ControlService

mfc42

ord800
ord535
ord924
ord537
ord6877
ord939
ord2818
ord4278
ord860
ord6663
ord858
ord540
ord2915
ord2764
ord2846
ord922
ord926
ord5710
ord4129
ord6648

msvcrt

srand
time
strstr
strncmp
printf
_mbscmp
strtok
strchr
__dllonexit
_onexit
_exit
rand
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_XcptFilter
atoi
exit
__CxxFrameHandler
_except_handler3

urlmon

URLDownloadToFileA

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

ws2_32

gethostbyname
closesocket
connect
htons
inet_addr
socket
send
WSAGetLastError
recv
setsockopt
WSAStartup
sendto
WSASocketA
gethostname
htonl
inet_ntoa
__WSAFDIsSet

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a24ce31a3c6285d885e38f0a941998b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mfc42

msvcrt

urlmon

msvcp60

ws2_32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 244KB

.rsrc Size: 4KB - Virtual size: 3KB

.vmp0 Size: 44KB - Virtual size: 42KB

.reloc Size: 4KB - Virtual size: 528B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 244KB

.rsrc
Size: 4KB - Virtual size: 3KB

.vmp0
Size: 44KB - Virtual size: 42KB

.reloc
Size: 4KB - Virtual size: 528B