c7de7cecf841b42f549afdc916b93a5b

Sharing

Copy URL Twitter E-mail

General

Target

c7de7cecf841b42f549afdc916b93a5b
Size

463KB
MD5

c7de7cecf841b42f549afdc916b93a5b
SHA1

ea96c1046604faebc8e35d37f625e40cd23a1777
SHA256

5a28bae5b7b3c53a3b4c955ae20692e26d3e72e61b3b68d0348840ab1bcc3161
SHA512

66de583e3b8a2e591fc9f64e0eb02bf88f0d9e8f034e7c36ba18a3393a3d2959e8be462daa199ba5157b9eba0befc393cb5a89746de7c5936b680548c9ac355e
SSDEEP

12288:5cZIoihAHhly0T5W/SA/q0U0SqzOqnub:HpAXTySA/q30SqzO+u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7de7cecf841b42f549afdc916b93a5b

Files

c7de7cecf841b42f549afdc916b93a5b
.exe windows:5 windows x86 arch:x86

bf03e741fafa58d76db45672bbe86d67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnprintf
atoi
strtoul
_stricmp
strncpy
strstr
_wcsnicmp
memmove
strchr
strncmp
_strnicmp
tolower
isspace
isprint
_wcsicmp
memcmp
strcpy
_chkstk
strcmp
strlen
memset
wcslen
memcpy
RtlUnwind
NtQueryVirtualMemory
wcsstr
_memccpy

kernel32

RegisterWaitForSingleObject
IsWow64Process
GetModuleHandleW
TerminateThread
CreateProcessW
ResumeThread
GetConsoleWindow
ExitProcess
Sleep
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
ExpandEnvironmentStringsW
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
VirtualQuery
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
GetCurrentProcess
CloseHandle
ReadFile
GetFileSize
CreateFileW
WriteFile
DeviceIoControl
CreateFileA
GetVersionExW
LocalFree
GetLastError
FindNextFileA
CopyFileA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
InitializeCriticalSection
ExitThread
ResetEvent
WaitForSingleObject
CreateThread
CreateEventW
SetEvent
DeleteFileW
GetTickCount
ReleaseMutex
OpenMutexW
CreateMutexW
SetLastError
LocalAlloc
CopyFileW
RemoveDirectoryW
GetCurrentThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
lstrcatW
lstrcpynW
UnregisterWait
GetNativeSystemInfo
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetProcessTimes
OpenProcess
CreateEventA
TerminateProcess
GetTempPathW
OpenEventA
lstrcmpiW
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
VirtualFree
CreateRemoteThread
VirtualQueryEx
ReadProcessMemory
GetProcessHandleCount
VirtualAlloc
VirtualProtectEx
DuplicateHandle
GlobalFindAtomW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetComputerNameW

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenW
InternetCloseHandle

shlwapi

PathCombineA

ws2_32

gethostbyname
gethostname
inet_addr
closesocket
__WSAFDIsSet
socket
recv
htons
select
WSAStartup
accept
listen
bind
shutdown
WSAGetLastError
send
connect
ioctlsocket
ntohs
inet_pton
getsockopt
htonl
freeaddrinfo
getaddrinfo
sendto
recvfrom
getsockname
inet_ntoa

user32

wsprintfW
ShowWindow
CharNextA

advapi32

RegCloseKey
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
FreeSid
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
AllocateAndInitializeSid
CheckTokenMembership

shell32

SHGetFolderPathW
SHFileOperationW
SHGetFolderPathAndSubDirW

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 80.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf03e741fafa58d76db45672bbe86d67

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

wininet

shlwapi

ws2_32

user32

advapi32

shell32

ole32

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 16KB - Virtual size: 80.2MB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 51KB - Virtual size: 50KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 16KB - Virtual size: 80.2MB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 51KB - Virtual size: 50KB