1cfedcba10b4c90789f2c4a6a1ce2c3d4197058e574942400f571bc5d06df70e

Sharing

Copy URL Twitter E-mail

General

Target

1cfedcba10b4c90789f2c4a6a1ce2c3d4197058e574942400f571bc5d06df70e
Size

526KB
MD5

7b8dc7d090f8b8fae9fc8f7549ae6411
SHA1

20b5f05713e7634a79f448df747b694039df3d2b
SHA256

1cfedcba10b4c90789f2c4a6a1ce2c3d4197058e574942400f571bc5d06df70e
SHA512

d4fa012b06fa6c4bdc6905f7edbbe3a589a3be41d4b1f782625496423394cf7ea621d6b9b8510168bbef2720e96858b39a7615d3b849a95da3c0f94d17608b9f
SSDEEP

6144:gek+uyH2txMRwdckwb1E+4t9YwScDPWQ6ur4bRL6C:3kn06edqSI/6KU

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cfedcba10b4c90789f2c4a6a1ce2c3d4197058e574942400f571bc5d06df70e

Files

1cfedcba10b4c90789f2c4a6a1ce2c3d4197058e574942400f571bc5d06df70e
.exe windows:4 windows x86 arch:x86

5625f9f6547d65c7e264352a27fea74c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrToIntA
StrStrA

shell32

ShellExecuteA

ws2_32

WSAStartup
send
select
__WSAFDIsSet
recv
getpeername
ntohs
setsockopt
WSAIoctl
htons
socket
connect
closesocket
gethostbyname
inet_addr
sendto
WSASocketA
htonl

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
fopen
fclose
fseek
ftell
fread
??2@YAPAXI@Z
malloc
sprintf
rand
strncmp
_except_handler3

kernel32

ReleaseMutex
InterlockedExchange
LocalAlloc
GetLocaleInfoW
GetComputerNameA
GlobalMemoryStatusEx
GetStartupInfoA
VirtualAlloc
VirtualAllocEx
VirtualProtectEx
GetModuleHandleA
WriteProcessMemory
SetThreadContext
GetThreadContext
ReadProcessMemory
VirtualQueryEx
TerminateProcess
ExitThread
GetTickCount
GetSystemDirectoryA
CopyFileA
CreateMutexA
WaitForSingleObject
GetFileAttributesA
GetFileSize
GlobalAlloc
ReadFile
GlobalFree
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
FindResourceA
SizeofResource
LoadResource
LockResource
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
WriteFile
Sleep
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcpynA
DeleteFileA
ExitProcess
SetFileAttributesA
GetModuleFileNameA
GetLastError
CloseHandle
OpenMutexA
WinExec
lstrcatA
GetTempPathA
lstrlenA
CreateFileA
RaiseException

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 499KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5625f9f6547d65c7e264352a27fea74c

Headers

File Characteristics

Imports

shlwapi

shell32

ws2_32

msvcrt

kernel32

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 499KB - Virtual size: 520KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 499KB - Virtual size: 520KB