df763da7cee314c5af0081e683587f4a

Sharing

Copy URL Twitter E-mail

General

Target

df763da7cee314c5af0081e683587f4a
Size

48KB
MD5

df763da7cee314c5af0081e683587f4a
SHA1

c0515db5ab6f834df77c4a492ed4d889a9f5df5d
SHA256

730769a242f46cc5ef462e908473c718b80dc5d624ef322448d00ebcf57efd93
SHA512

aebfcb46a029f33926ad0c6972626d165f9906e569e8700c74f08522f72fcdfdb21757a08be51fc4906ff5d1047ec0242cc297af1641070b0bf7ace54b4899d6
SSDEEP

768:4+7miSkrxvs1o0QHe1LHXh2Z3spWSFoBVhFDrLFbe7ceUrmxRUuG+ykJILET:Z7miSkrxvCo07O3OWpNkSmxRUubPu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df763da7cee314c5af0081e683587f4a

Files

df763da7cee314c5af0081e683587f4a
.exe windows:4 windows x86 arch:x86

fbf82659ec88ffeea01515c82e706775

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetComputerNameA
GetDiskFreeSpaceExA
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetVersionExA
GetProcAddress
GlobalMemoryStatus
GetTickCount
TerminateProcess
MoveFileExA
GetModuleHandleA
FreeLibrary
LoadLibraryExA
LocalAlloc
GetStartupInfoA
LocalFree
FindNextFileA
DeleteFileA
SetCurrentDirectoryA
MultiByteToWideChar
OpenProcess
GetShortPathNameA
CreateToolhelp32Snapshot
Module32First
Module32Next
WriteFile
GlobalFree
CreateFileA
GetFileSize
SetFilePointer
ReadFile
CloseHandle
ExitThread
CreateProcessA
GetModuleFileNameA
CopyFileA
GetLastError
CreateThread
Sleep
GetSystemDirectoryA
FindFirstFileA
GetSystemInfo
FindClose

user32

wsprintfA
ExitWindowsEx

advapi32

ControlService
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetUserNameA
DeleteService
EnumServicesStatusA

ws2_32

WSACleanup
connect
gethostname
ntohl
bind
ntohs
listen
htonl
select
accept
send
recv
inet_ntoa
socket
gethostbyname
closesocket
WSAStartup
WSASocketA
htons
inet_addr
getsockname

iphlpapi

SendARP
GetAdaptersInfo
SetTcpEntry
GetTcpTable

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

netapi32

NetApiBufferFree
NetUserAdd
NetLocalGroupAddMembers
NetUserDel
NetUserEnum

msvcrt

_strnicmp
_controlfp
_stricmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
strstr
strncmp
atoi
free
localtime
asctime
fgets
wcscpy
mbstowcs
time
srand
rand
strtok
strncpy
__CxxFrameHandler
??2@YAPAXI@Z
malloc
_snprintf
fopen
fwrite
fclose
printf
strncat
strchr
sprintf
_except_handler3
exit

Sections

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbf82659ec88ffeea01515c82e706775

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

wininet

psapi

netapi32

msvcrt

Sections

.data Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.data
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB