661f30ad40a33aaf7754099b56031ff90c0ebf869bfc599072f56158de015808

Sharing

Copy URL Twitter E-mail

General

Target

661f30ad40a33aaf7754099b56031ff90c0ebf869bfc599072f56158de015808
Size

72KB
MD5

fd8542f269bfb4338861499bd04a84ba
SHA1

a4ea38b1873198d12c472eb52ed8eaf2086ecca7
SHA256

661f30ad40a33aaf7754099b56031ff90c0ebf869bfc599072f56158de015808
SHA512

bc6b00592ee45ab8f02b413b4bbda7d1b3788c3c853f87b61f9638622ade27b3e1f5db36429a85974bf486a419c9b5424b37d6474ddab622f0a806d68ee5c51d
SSDEEP

768:fe9JYFTX3Jjf0JA/rJ4Tg6ZY0I3Krl3D4HzxipV4RDoHmjKqOGFEPw:RNmTg6ZYDax340pV1WKqOGFEPw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
661f30ad40a33aaf7754099b56031ff90c0ebf869bfc599072f56158de015808

Files

661f30ad40a33aaf7754099b56031ff90c0ebf869bfc599072f56158de015808
.dll windows:4 windows x86 arch:x86

7c11f5c99fb023239e4f49dc471b5785

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

select
recvfrom
inet_addr
gethostbyname
setsockopt
WSAGetLastError
sendto
gethostbyaddr
WSASocketA
WSAIoctl
inet_ntoa
closesocket
WSAStartup
WSACleanup

kernel32

VirtualFree
FlushFileBuffers
GetStringTypeW
GetStringTypeA
ReleaseMutex
CloseHandle
OutputDebugStringA
WaitForSingleObject
CreateMutexA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
LCMapStringW
GetEnvironmentStringsW
VirtualAlloc
IsBadWritePtr
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetACP
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetStdHandle
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA

Exports

Exports

CreateInstance

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c11f5c99fb023239e4f49dc471b5785

Headers

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB