ca915b2f777af3054b55a3864226b6dd

Sharing

Copy URL Twitter E-mail

General

Target

ca915b2f777af3054b55a3864226b6dd
Size

325KB
MD5

ca915b2f777af3054b55a3864226b6dd
SHA1

ed3e569d959aa5221ac93326a28fb1e349e2c230
SHA256

71f61893a4b94160c6e97bf54cd0f06a6566ffaa4786eb9c88fcf5a88fdeb0b6
SHA512

619a178076a02cfb0bdffa7cda1acbe3fc95ff8d02a55f3df9621a77e26f89defe9b1c21e5783ba5240e93dbd70e52d78a9c92a8fc545a31cf50bc481290ed22
SSDEEP

6144:XR9msnkGEx381o9j/mH0HVa7+rBMczaBWJTpS7OQ5:BfItd9rmAa78BtJqOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca915b2f777af3054b55a3864226b6dd

Files

ca915b2f777af3054b55a3864226b6dd
.exe windows:5 windows x86 arch:x86

a2748ec9a9d4c62159ba8974d23f962c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

ntdll

RtlAnsiStringToUnicodeString
NtAllocateVirtualMemory
_wcsicmp
memmove
RtlIsNameLegalDOS8Dot3
_vsnwprintf
qsort
wcslen
RtlUnwind
RtlUnicodeStringToAnsiString
RtlInitUnicodeStringEx
_chkstk

kernel32

GetModuleHandleA
GetProcessVersion
GetFullPathNameW
TlsGetValue
ExpandEnvironmentStringsW
InterlockedIncrement
lstrcpyA
EnterCriticalSection
SetUnhandledExceptionFilter
lstrcmpiW
DisableThreadLibraryCalls
GlobalReAlloc
MultiByteToWideChar
GetSystemDefaultUILanguage
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
DelayLoadFailureHook
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetACP
SetCurrentDirectoryW
LoadLibraryA
SizeofResource
LocalFree
MulDiv
GetProfileStringW
FormatMessageW
lstrlenW
FindNextFileW
TlsFree
CreateFileW
SetLastError
GetSystemTimeAsFileTime
GetUserDefaultLCID
CreateThread
SetEvent
DeleteCriticalSection
LoadResource
ResetEvent
FreeLibrary
GetTempFileNameW
LocalAlloc
TlsAlloc
lstrlenA
GetDriveTypeW
InterlockedExchange
GetTickCount
LockResource
GetLocaleInfoW
GlobalUnlock
WaitForSingleObject
FreeResource
GlobalAlloc
TlsSetValue
lstrcpynW
FindResourceW
GetShortPathNameW
FindResourceA
GetVersionExA
FindClose
CloseHandle
lstrcmpW
LoadLibraryW
FindResourceExW
LeaveCriticalSection
GlobalLock
CreateEventW
InterlockedDecrement
GetModuleFileNameW
FindFirstFileW
QueryPerformanceCounter
GlobalFree
LocalReAlloc
InterlockedCompareExchange
DeleteFileW
UnhandledExceptionFilter
GetModuleHandleW
LocalSize
WideCharToMultiByte
FreeLibraryAndExitThread
GetProcAddress
GetCurrentProcessId
GetLastError
GetVolumeInformationW
lstrcpyW

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a2748ec9a9d4c62159ba8974d23f962c

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdll

kernel32

mswsock

Sections

.text Size: 65KB - Virtual size: 64KB

.rsrc Size: 73KB - Virtual size: 73KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 25KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.rsrc
Size: 73KB - Virtual size: 73KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 25KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB