c720668a94b60034a47e34e0672662e4

Sharing

Copy URL Twitter E-mail

General

Target

c720668a94b60034a47e34e0672662e4
Size

152KB
MD5

c720668a94b60034a47e34e0672662e4
SHA1

1047e21980286af6f262fd13b43913bc7124ccd8
SHA256

6d5fb588bb88f9886d8805891c710f55f6f502454acfa7a5d2023a47c1282159
SHA512

ac20bf285b911fc755dacf467e4c2fe81f4e75fb7ebc9cf0298517c2c7d849e2ea0603693f3c831074fd86dc1228be651de977cdbedb37d23806865f173a008e
SSDEEP

3072:t3G4wiJixAAGpnxwu1t3kqVpGxj8iwmITRITa690MY1ic:t24wiJixAAGH1t3JVo90MY1ic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c720668a94b60034a47e34e0672662e4

Files

c720668a94b60034a47e34e0672662e4
.exe windows:4 windows x86 arch:x86

b9568c8c3a493066ffb7d6223a2fcce5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
bind
ntohl
ioctlsocket
accept
getsockname
__WSAFDIsSet
select
socket
htons
ntohs
closesocket
recv
send
WSAGetLastError
inet_addr
setsockopt
WSACleanup
WSAStartup
sendto
recvfrom
inet_ntoa
listen
connect
gethostbyname

advapi32

CreateServiceA
StartServiceA
StartServiceCtrlDispatcherA
OpenServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus

kernel32

GetLastError
GetSystemDirectoryA
DeleteFileA
CopyFileA
GetStartupInfoA
CreateProcessA
ReleaseMutex
CreateMutexA
InterlockedDecrement
GetModuleFileNameA
CreateEventA
WaitForSingleObject
SetEvent
Sleep
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
LocalFree
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
FreeLibrary
CloseHandle
GetProcAddress

user32

MessageBoxA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__getmainargs
_except_handler3
_controlfp
__dllonexit
_onexit
_acmdln
__set_app_type
_XcptFilter
wcslen
_CxxThrowException
strncpy
_exit
free
sprintf
malloc
strchr
perror
getenv
atoi
??1type_info@@UAE@XZ
strstr
rand
realloc
exit
time
tolower
isalpha
printf
localtime
fclose
fprintf
fopen
strftime
_splitpath
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_snprintf
memmove

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

ole32

CoInitialize
CoCreateGuid
StringFromIID
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9568c8c3a493066ffb7d6223a2fcce5

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

user32

msvcrt

msvcp60

ole32

oleaut32

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 5KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 5KB