cd0a4c7efe7b6957ada9d4d424750d02

Sharing

Copy URL Twitter E-mail

General

Target

cd0a4c7efe7b6957ada9d4d424750d02
Size

228KB
MD5

cd0a4c7efe7b6957ada9d4d424750d02
SHA1

55b2429f2e57e01d5677b71ac99b63b6c6655999
SHA256

0cf990599ce23d7a4caa6896af3c7c3af3334b7260d9a49631239e2d6a44e4a6
SHA512

ee1b713ad4fae22f1add1be9b68b8a68b8aba82b884511aa3e326f50ec8dee6a35b6506f13267c90ed0c0f8f47f251d7c6602434827675e66acfcefb14290972
SSDEEP

768:W6bpEdPqb0HtXrS5tbb/kJ9odGwsy4VqXg:DbAqbsrSPH/kIzsy4Vp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd0a4c7efe7b6957ada9d4d424750d02

Files

cd0a4c7efe7b6957ada9d4d424750d02
.exe windows:4 windows x86 arch:x86

f476ed6f6cae5496b8aab59102a25d34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
DeleteFileA
LocalFree
ReadFile
LocalAlloc
CreateThread
FindNextFileA
FindClose
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
WriteFile
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
GetFileSize
GetVersionExA
ExpandEnvironmentStringsA
TerminateProcess
GetExitCodeProcess
GetLastError
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
GetTickCount
lstrlenA
Sleep
CopyFileA
GetCurrentProcessId
CreateMutexA
GetModuleFileNameA
CreateDirectoryA
GetStartupInfoA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
LoadLibraryA
GetProcAddress
WinExec
FreeLibrary

user32

wsprintfA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
LookupPrivilegeValueA

shell32

ShellExecuteA

ws2_32

WSAStartup
inet_addr
socket
gethostbyname
htons
connect
recv
getsockname
inet_ntoa
closesocket
send

wininet

InternetConnectA
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
FtpPutFileA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcrt

_tempnam
strstr
sscanf
??2@YAPAXI@Z
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_stricmp
strncpy
difftime
atoi
srand
_except_handler3
malloc
free
_errno
_open
_read
_write
_close
_lseek
remove
??3@YAXPAX@Z
strrchr
sprintf
rand
memmove
strftime
localtime
time
_strupr

Sections

pec1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f476ed6f6cae5496b8aab59102a25d34

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

msvcrt

Sections

pec1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 192KB - Virtual size: 192KB

.rsrc Size: 4KB - Virtual size: 4KB

pec1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 192KB - Virtual size: 192KB

.rsrc
Size: 4KB - Virtual size: 4KB