c8db9c1231f2632731e3bb1de8f6af6a

Sharing

Copy URL Twitter E-mail

General

Target

c8db9c1231f2632731e3bb1de8f6af6a
Size

98KB
MD5

c8db9c1231f2632731e3bb1de8f6af6a
SHA1

05587ea27b361cae8017f2014944c92eaec5bc03
SHA256

311e87c3dd4da9a0796cb94ed4c625e98f0715c92cb9eefe99590ee97f4157b5
SHA512

7a242b3183039814c1b9f13b0a61ddf4ae997ce260e09b94b9b45f06953077503455e6f256d4cfd221dd53d6033db9c788cf8652d0d379546566f16063024376
SSDEEP

1536:ZY0b5xpi6qO6vsu144qFS3OmlMrDB1cUzhnjQjTlKumt9No8t5fb0:K0b9i6q/s2441lMp7jQ2t7o8t5z0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8db9c1231f2632731e3bb1de8f6af6a

Files

c8db9c1231f2632731e3bb1de8f6af6a
.exe windows:4 windows x86 arch:x86

359445653cb18a2ce10a545fa48d522f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
inet_ntoa
setsockopt
gethostbyaddr
WSAStartup
WSACleanup
__WSAFDIsSet
gethostbyname
ioctlsocket
connect
WSAGetLastError
socket
htons
bind
getsockname
ntohs
listen
inet_addr
htonl
select
accept
closesocket
recv
send

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
ExitProcess
GetTickCount
CloseHandle
Sleep
TerminateProcess
OpenProcess
FindClose
FindNextFileA
FindFirstFileA
ReadFile
SetFilePointer
GetFileSize
CreateFileA
lstrcpyA
lstrlenA
lstrcpynA
FreeLibrary
HeapSize
LoadLibraryA
CreateThread
WriteFile
GetModuleFileNameA
GetSystemDirectoryA
GetTimeFormatA
GetDateFormatA
GetWindowsDirectoryA
GetVersionExA
GlobalMemoryStatus
GetFileAttributesA
GetExitCodeProcess
PeekNamedPipe
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
MoveFileA
TerminateThread
CreateDirectoryA
DeleteFileA
GetLastError
CreateMutexA
GetCommandLineA
SetFileAttributesA
CopyFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
GetOEMCP
SetEndOfFile
GetProcAddress
GetACP
GetCPInfo
HeapAlloc
GetModuleHandleA
HeapFree
GetProcessHeap
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
MultiByteToWideChar
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount

user32

GetForegroundWindow
GetKeyState
GetAsyncKeyState
CharToOemA
CharUpperBuffA
GetWindowTextA
ExitWindowsEx

advapi32

RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetUserNameA

shell32

ShellExecuteA

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

359445653cb18a2ce10a545fa48d522f

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 55KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 55KB

.rsrc
Size: 512B - Virtual size: 176B