ce1778807f46778d6fae3d3d641eb470

Sharing

Copy URL

Twitter E-mail

General

Target

ce1778807f46778d6fae3d3d641eb470
Size

62KB
MD5

ce1778807f46778d6fae3d3d641eb470
SHA1

6d160c92cae126d3befcf459cf65bb476c9a4cef
SHA256

f7523ff723b30e13fd0633dc6690d96ea6bae5e0520d1ebf1fdf53ba2dee59bd
SHA512

80646c649e208eb9006d190f1221aea9fdb4e6cd364e00a8047cbd638bc85c2decd11616532434d3a7890e0e7e217ee1cf4533dff9643283556f7af050859ba6
SSDEEP

1536:yhqmmOk+mv7XkyKKlcl/lAA6GUF28qKG+cyGA:5NOWrdlc/lX6z29KGy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce1778807f46778d6fae3d3d641eb470

Files

ce1778807f46778d6fae3d3d641eb470
.exe windows:4 windows x86 arch:x86

b9341c861c329630c52801f62561559b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
CreateServiceA
StartServiceA

shlwapi

StrStrIA
StrStrA
wnsprintfA

ws2_32

closesocket
sendto
setsockopt
getsockname
recvfrom
send
socket
connect
htons
WSAStartup
getsockopt
inet_ntoa
gethostbyname
recv

kernel32

WriteFile
CreateFileA
MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcmpW
GetSystemTime
CreateProcessA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLastError
GetCommandLineA
GetVersion
MapViewOfFile
CreateFileMappingA
ExitProcess
ExitThread
Sleep
TerminateThread
OpenThread
GetCurrentThreadId
CloseHandle
CreateThread
CreateMutexA
OpenMutexA
GetSystemDirectoryA
lstrcmpA
lstrlenW
IsBadReadPtr
lstrcmpiA
GetTickCount
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
SystemTimeToFileTime
GetTimeZoneInformation

user32

GetDC
wsprintfA
CharLowerA

dnsapi

DnsQuery_A
DnsExtractRecordsFromMessage_W
DnsRecordListFree

gdiplus

GdipDeletePen
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipNewPrivateFontCollection
GdipPrivateAddMemoryFont
GdipDeleteFont
GdipLoadImageFromStream
GdipCreatePen1
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipFillRectangleI
GdipDrawString
GdipDrawImageI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipFree
GdipLoadImageFromStreamICM

gdi32

GetTextExtentPoint32A

ole32

CreateStreamOnHGlobal

shell32

ShellExecuteA

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 21.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9341c861c329630c52801f62561559b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

dnsapi

gdiplus

gdi32

ole32

shell32

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 21.2MB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 21.2MB

.rsrc
Size: 14KB - Virtual size: 14KB