ce00f9692e2621d84b65f4dc3195d320

Sharing

Copy URL

Twitter E-mail

General

Target

ce00f9692e2621d84b65f4dc3195d320
Size

181KB
MD5

ce00f9692e2621d84b65f4dc3195d320
SHA1

580d7caf236cd28be89fd5223f2c12ab469a8d88
SHA256

12a8d5eefabfd922f518bc2a84b6fa9212fa9b5394ee04d84d2caba8fcb4d989
SHA512

1962b63964582e65a82d000f8f508203d8030a5ec6cc4a1479ff1c0115c7d1cd1a0b00186a5b27a98b1079fdb7d6347d2babc593f35ab03aa4219b6037e49aba
SSDEEP

3072:ViTgLAPpNEBRuB1lSSrjne1vq4iVXA3rbFYyxLDYjlSI56oNO9:ViMsELYlSSrjnmvqftK2yxf9sO9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce00f9692e2621d84b65f4dc3195d320

Files

ce00f9692e2621d84b65f4dc3195d320
.exe windows:5 windows x86 arch:x86

06211fd606d35abe78e5324eb206ac28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MultiByteToWideChar
WriteFile
TransactNamedPipe
CloseHandle
CreateFileA
GetModuleFileNameA
GetLastError
CreateThread
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetModuleHandleA
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
GetTempPathA
GetVersionExA
CopyFileA
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
ExitProcess
DeleteFileA
lstrcmpiA
OpenProcess
GetCurrentProcessId
WaitForSingleObject
CreateMutexA
GetCurrentProcess
TerminateProcess
GetLocaleInfoA
TerminateThread
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ReadFile
SetHandleCount
GetFileType
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetConsoleCP
GetConsoleMode

ws2_32

getsockname
WSASocketA
getsockopt
setsockopt
ioctlsocket
bind
listen
accept
WSAStartup
WSACleanup
inet_addr
htons
connect
recv
closesocket
socket
send
select
__WSAFDIsSet

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06211fd606d35abe78e5324eb206ac28

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

version

Sections

.text Size: 137KB - Virtual size: 136KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 14KB - Virtual size: 326KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 137KB - Virtual size: 136KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 14KB - Virtual size: 326KB

.rsrc
Size: 512B - Virtual size: 436B