ce0831ab0367b293afc4c0a2c412e468

Sharing

Copy URL Twitter E-mail

General

Target

ce0831ab0367b293afc4c0a2c412e468
Size

63KB
MD5

ce0831ab0367b293afc4c0a2c412e468
SHA1

9f85fadb9a676c969c99f519bf6ac01d00bb6062
SHA256

e24cd0586220e46cfdcdb69d9e26f209407599df88235c1a59c372d335b5a5ea
SHA512

1729e2e61f987e277f323662a1a8cfcc3016f05aac39133116e157a05ee0a4358fd217693febf40e069bda46e04621d6d64fee833a841dae32e5260010bd7507
SSDEEP

1536:XhqR4KQsVaa2Eb+wkP72RV3WoRkGz3RiOhBto1PrP:o9QdKLkP72TGEliOhBto1PD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce0831ab0367b293afc4c0a2c412e468

Files

ce0831ab0367b293afc4c0a2c412e468
.exe windows:4 windows x86 arch:x86

16c44d7f1d6634a564fa5812fea24048

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shlwapi

StrStrIA
StrStrA
wnsprintfA

ws2_32

closesocket
sendto
setsockopt
getsockname
recvfrom
send
socket
connect
htons
WSAStartup
gethostbyname
getsockopt
inet_ntoa
recv

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcmpW
GetSystemTime
GetSystemDirectoryA
OpenFile
SetFilePointer
WriteFile
CreateProcessA
WriteProcessMemory
GetCommandLineA
GetVersion
MapViewOfFile
CreateFileMappingA
ExitProcess
ExitThread
Sleep
TerminateThread
OpenThread
GetCurrentThreadId
CloseHandle
CreateThread
CreateMutexA
OpenMutexA
lstrcmpA
lstrlenW
IsBadReadPtr
lstrcmpiA
GetTickCount
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
SystemTimeToFileTime
GetTimeZoneInformation
GetLastError
Process32Next
VirtualAllocEx
OpenProcess
CreateToolhelp32Snapshot
CreateRemoteThread

user32

GetDC
wsprintfA
CharLowerA

dnsapi

DnsQuery_A
DnsExtractRecordsFromMessage_W
DnsRecordListFree

gdiplus

GdipDeletePen
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipNewPrivateFontCollection
GdipPrivateAddMemoryFont
GdipDeleteFont
GdipLoadImageFromStream
GdipCreatePen1
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipFillRectangleI
GdipDrawString
GdipDrawImageI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipFree
GdipLoadImageFromStreamICM

gdi32

GetTextExtentPoint32A

ole32

CreateStreamOnHGlobal

shell32

ShellExecuteA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 21.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16c44d7f1d6634a564fa5812fea24048

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

dnsapi

gdiplus

gdi32

ole32

shell32

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 21.2MB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 21.2MB