d3eec31eb5c2ed2ce92241d0f5c00fcc

Sharing

Copy URL Twitter E-mail

General

Target

d3eec31eb5c2ed2ce92241d0f5c00fcc
Size

268KB
MD5

d3eec31eb5c2ed2ce92241d0f5c00fcc
SHA1

836dd555c45e7aba0cf2da9396085eff27a2948e
SHA256

f2ea45d90308d653cbcc78722760c4c17d2513a28372f55e5dfa174053b00e0f
SHA512

f631d0f798e7bc761a3befabcff64d3a330e500b10d7d7b9dbf120add09a71c8c551bf27ed1ade6091e353d45591f6431bba3fc23eb37caeebd0f99004c3e559
SSDEEP

6144:3oVOsIScfmFvpgpo7I3u8bLL6ze83i7f+6omlcAa40bNr:bSceBQ5LEe83i7fqfbN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3eec31eb5c2ed2ce92241d0f5c00fcc

Files

d3eec31eb5c2ed2ce92241d0f5c00fcc
.exe windows:4 windows x86 arch:x86

06ca195df99da738071a742d6bc0513b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
fflush
printf
sprintf
_errno
strerror
perror
__mb_cur_max
_isctype
__CxxFrameHandler
calloc
_iob
fprintf
free
sscanf
strrchr
fwrite
fseek
ftell
_strdup
_stricmp
fread
fputc
wcscat
fopen
fclose
_snprintf
_ftol
rand
srand
malloc
strncat
exit
strncmp
atof
strchr
_vsnprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??2@YAPAXI@Z
strtok
strstr
strncpy
??3@YAXPAX@Z
system
atoi
_purecall
_controlfp
_pctype
_memccpy

msvcp60

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

kernel32

OpenProcess
GetStartupInfoA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
SetThreadPriority
GetProcessAffinityMask
TlsSetValue
FreeLibrary
WaitForMultipleObjects
CreateEventA
GetCurrentThreadId
DuplicateHandle
InterlockedIncrement
GetThreadPriority
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
SetEvent
WaitForSingleObject
ResetEvent
InterlockedDecrement
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
CreateThread
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThread
GetCurrentProcess
TerminateProcess
FindResourceA
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
GetLocalTime
GetLastError
GetTempPathA
WriteFile
LoadLibraryA
GetProcAddress
CopyFileA
GetTickCount
DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
GetStdHandle
AllocConsole
FreeConsole
Sleep
CloseHandle
GetModuleFileNameA
GetModuleHandleA
SetFileTime
GetFileTime
CreateFileA
GetWindowsDirectoryA

user32

ExitWindowsEx
wsprintfA

advapi32

OpenServiceA
RegCloseKey
EnumServicesStatusA
OpenThreadToken
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
RegDeleteValueA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
RegCreateKeyExA
GetUserNameA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

ws2_32

listen
bind
select
WSAGetLastError
accept
__WSAFDIsSet
recv
getpeername
ioctlsocket
WSAStartup
ntohl
recvfrom
sendto
setsockopt
getservbyname
shutdown
WSASetLastError
gethostbyname
inet_ntoa
WSACleanup
send
closesocket
socket
htons
connect
getsockname
inet_addr
htonl
gethostbyaddr

mpr

WNetAddConnection2W
WNetCancelConnection2W

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

dnsapi

DnsQuery_A

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.00000
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0000
Size: 16KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00000
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00000
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06ca195df99da738071a742d6bc0513b

Headers

File Characteristics

Imports

msvcrt

msvcp60

kernel32

user32

advapi32

shell32

ws2_32

mpr

psapi

dnsapi

Sections

.text Size: 208KB - Virtual size: 205KB

.00000 Size: 16KB - Virtual size: 15KB

.0000 Size: 16KB - Virtual size: 795KB

.00000 Size: 8KB - Virtual size: 6KB

.00000 Size: 16KB - Virtual size: 12KB

.text
Size: 208KB - Virtual size: 205KB

.00000
Size: 16KB - Virtual size: 15KB

.0000
Size: 16KB - Virtual size: 795KB

.00000
Size: 8KB - Virtual size: 6KB

.00000
Size: 16KB - Virtual size: 12KB