df18664edeae777d53de04c363756e9c

General

Target

df18664edeae777d53de04c363756e9c
Size

181KB
MD5

df18664edeae777d53de04c363756e9c
SHA1

6ff4e1aaae98655d68c146af8608462c62ace0df
SHA256

67f8f9743ad381ef51dcc707ac7c65c3ebfb8523e43dcc9447947df80755dbda
SHA512

417a4858d77566ec46d003c45ea591ab845c23c1d757a87765046d02e90f11b0dbacba50f37494cd8f442269da33f1e07debde85aac98f4d3e43676aba8983c1
SSDEEP

3072:vp1VTboUFpWlZlmGyDrBoQdYC3qbDvFKZzE/WrEwuhbGNedTep2ufFx:vNTboUPWRkDrBoVVP+luYNMCpNX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df18664edeae777d53de04c363756e9c

Files

df18664edeae777d53de04c363756e9c
.exe windows:4 windows x86 arch:x86

c39e82724c382eae24a1484c7dc9dc2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryObject
ZwLoadDriver
memset
wcsstr
RtlFreeUnicodeString
RtlInitAnsiString
RtlUniform
strstr
strlen
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
vsprintf
memcpy

psapi

GetProcessImageFileNameA
EnumProcesses

iphlpapi

GetAdaptersInfo

ws2_32

htons
send
htonl
WSAStartup
connect
closesocket
socket

kernel32

lstrcpyA
DeleteFileA
lstrcpyW
GetSystemTime
CloseHandle
DuplicateHandle
GetModuleHandleA
GetModuleFileNameA
FindClose
EnterCriticalSection
CopyFileA
VirtualAlloc
GetLastError
FindFirstFileA
GetFileSizeEx
CreateFileA
GetCurrentProcess
VirtualFree
GetWindowsDirectoryA
WriteFile
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
Sleep
LeaveCriticalSection
ReadFile
lstrcatA

user32

CharLowerW

advapi32

RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
OpenSCManagerA
LookupPrivilegeValueA
RegQueryValueExA
RegSetValueExA
EnumServicesStatusA
OpenProcessToken
CloseServiceHandle

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c39e82724c382eae24a1484c7dc9dc2c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

psapi

iphlpapi

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 61B

.sdata Size: 60KB - Virtual size: 60KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 61B

.sdata
Size: 60KB - Virtual size: 60KB