ca64b5eaa16bae6f930aa3f80f7844e7

Sharing

Copy URL Twitter E-mail

General

Target

ca64b5eaa16bae6f930aa3f80f7844e7
Size

419KB
MD5

ca64b5eaa16bae6f930aa3f80f7844e7
SHA1

f0af818b109d02fd7eae76a6b5a42e79030a5549
SHA256

efcd5559a5e06bcf3c785ecbe454f2ff42057c847d68ae4b3d870ca599d963cb
SHA512

2dc75daf0c8ab799a36e390eb9093e2a9ff80beca3b5935448632e93cde599de165b63df70af00e6c337805a49d46a3126fde92d356009b5dd8381aad415ab1d
SSDEEP

12288:ZYp4eS44EMaZFIV1I4Mr6h3tpNLkeyP2leKLc3W8l8nso:Ze4erbMW6Ph3tpNLk3PnKLcGLns

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca64b5eaa16bae6f930aa3f80f7844e7

Files

ca64b5eaa16bae6f930aa3f80f7844e7
.exe windows:4 windows x86 arch:x86

4a3f89a7a59ba5c9b470c56d58f34fe8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReportEventA
CryptGetUserKey
RegReplaceKeyA
CryptHashData
CryptEncrypt
RegNotifyChangeKeyValue
CryptSignHashA
RegSaveKeyW
RegEnumValueA
CryptCreateHash
StartServiceA
LookupPrivilegeValueA
CryptDuplicateHash
CryptGetProvParam
RegCloseKey
RegQueryInfoKeyW
CryptEnumProvidersA
CryptGetHashParam
GetUserNameA
InitiateSystemShutdownW
CryptAcquireContextA
RegLoadKeyA
CryptDeriveKey
CryptSignHashW
CryptReleaseContext
DuplicateToken
RegOpenKeyA
RevertToSelf
RegOpenKeyExW
LookupPrivilegeDisplayNameA
InitializeSecurityDescriptor
RegCreateKeyExA
StartServiceW
CryptDecrypt
RegCreateKeyA
LookupPrivilegeNameW
CryptSetProviderA
CryptGenRandom
RegDeleteKeyW
CryptVerifySignatureW
CryptSetProviderExW
LogonUserW
AbortSystemShutdownA
LookupPrivilegeDisplayNameW
RegSetKeySecurity
RegOpenKeyExA
CryptAcquireContextW
RegFlushKey
RegSetValueExA
RegCreateKeyExW
CryptDestroyKey
LookupAccountNameW
RegOpenKeyW
RegLoadKeyW
RegSetValueA
RegConnectRegistryA
CryptSetProvParam
RegQueryValueW
RegCreateKeyW
RegEnumKeyExA
CryptContextAddRef
RegRestoreKeyW
CryptGetDefaultProviderW
RegQueryMultipleValuesA
LookupSecurityDescriptorPartsA
CryptGetDefaultProviderA
CryptEnumProvidersW
RegSetValueW
CryptImportKey
RegQueryMultipleValuesW
CryptGetKeyParam
CreateServiceA
CryptSetKeyParam
AbortSystemShutdownW
RegSaveKeyA

wininet

GetUrlCacheHeaderData
FindNextUrlCacheEntryExA
FtpGetFileSize
InternetSetOptionExW
InternetConfirmZoneCrossing
InternetGoOnlineA
InternetGetConnectedStateEx
DetectAutoProxyUrl
SetUrlCacheConfigInfoA
InternetGoOnlineW
InternetAlgIdToStringW
InternetCreateUrlW
FtpRemoveDirectoryA
SetUrlCacheGroupAttributeW
GetUrlCacheGroupAttributeA
FtpGetFileA
SetUrlCacheEntryInfoW
InternetWriteFile
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetTimeFromSystemTimeW
InternetCloseHandle
FindNextUrlCacheContainerW
InternetConnectW
GopherOpenFileW
FindNextUrlCacheEntryExW
DeleteUrlCacheContainerW
InternetConfirmZoneCrossingW
GetUrlCacheEntryInfoW
InternetSetCookieW
RetrieveUrlCacheEntryStreamA
FtpDeleteFileA
FtpOpenFileW
FindFirstUrlCacheEntryW
FtpCommandA
CreateUrlCacheEntryA
CreateUrlCacheContainerA
FtpSetCurrentDirectoryW
UnlockUrlCacheEntryFile
FtpCreateDirectoryW
DeleteIE3Cache
RetrieveUrlCacheEntryStreamW
SetUrlCacheEntryGroup
SetUrlCacheEntryInfoA
HttpAddRequestHeadersA
FindFirstUrlCacheContainerW
FtpGetFileEx
InternetQueryFortezzaStatus
FindNextUrlCacheContainerA
InternetTimeToSystemTimeW
FindFirstUrlCacheEntryExA
InternetAutodialHangup
InternetOpenA
FtpCommandW
RegisterUrlCacheNotification
IsUrlCacheEntryExpiredW
GopherFindFirstFileA
HttpAddRequestHeadersW
GopherGetLocatorTypeW
FreeUrlCacheSpaceW
FtpGetCurrentDirectoryW
InternetGetConnectedState
GopherCreateLocatorA
FtpPutFileEx
UrlZonesDetach
InternetSetFilePointer

shell32

SHFreeNameMappings
SHEmptyRecycleBinA
DragQueryFile
SHChangeNotify
SHFileOperationW
RealShellExecuteExW
RealShellExecuteExA
SHFormatDrive
ExtractAssociatedIconExW
ExtractIconExA
SheChangeDirExW
SHGetSettings
SHGetFileInfoW
DragAcceptFiles
ShellExecuteExA
SHQueryRecycleBinA
ExtractAssociatedIconExA
SheRemoveQuotesW
ShellAboutA
ShellHookProc
SHGetDiskFreeSpaceA
SHUpdateRecycleBinIcon
ShellAboutW
SheFullPathA
SHGetSpecialFolderLocation
SHGetNewLinkInfo
SHFileOperationA
SHFileOperation
SHGetPathFromIDListW
DuplicateIcon
DragQueryFileAorW
SheRemoveQuotesA
ExtractIconResInfoW
DragQueryFileA
RealShellExecuteA
SheConvertPathW

wsock32

inet_ntoa
ntohs
recv
ord1000
accept
WSASetBlockingHook
ord1130
htonl
getsockname
WSAAsyncGetServByPort
ord1141
htons
ord1113
gethostbyaddr
ord1142
ord1105
inet_addr
bind
WSAGetLastError
WSAAsyncGetProtoByName
ord1111
connect
getprotobynumber
send
WSAAsyncGetServByName
ord1140
listen
ord1106
getservbyname
WSAUnhookBlockingHook
recvfrom
ord1119
setsockopt
ord1114
ord1118
gethostbyname

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
SetComputerNameW
GlobalFix
LoadLibraryW
SetHandleCount
FlushFileBuffers
GetProcessVersion
SetConsoleTextAttribute
WriteFile
ReadConsoleOutputW
FreeLibraryAndExitThread
Module32First
CommConfigDialogA
WriteConsoleOutputA
GetUserDefaultLangID
GetShortPathNameA
UpdateResourceW
SetEvent
GetTempFileNameA
LockResource
HeapCreate
InterlockedCompareExchange
SetLocaleInfoA
ExpandEnvironmentStringsW
GetProfileIntW
GetStringTypeW
lstrcatA
GetProcAddress
SetVolumeLabelA
DuplicateHandle
GetLocaleInfoW
TransactNamedPipe
GetSystemPowerStatus
LeaveCriticalSection
GetFileTime
WriteConsoleW
WriteConsoleInputW
WaitForMultipleObjectsEx
AddAtomA
ReadConsoleW
FreeConsole
WriteConsoleOutputAttribute
GetLocalTime

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a3f89a7a59ba5c9b470c56d58f34fe8

Headers

File Characteristics

Imports

advapi32

wininet

shell32

wsock32

kernel32

Sections

.text Size: 257KB - Virtual size: 256KB

.data Size: 162KB - Virtual size: 161KB

.text
Size: 257KB - Virtual size: 256KB

.data
Size: 162KB - Virtual size: 161KB