e0f9d89d9fd2940be80512ba2a0aa27b

Sharing

Copy URL Twitter E-mail

General

Target

e0f9d89d9fd2940be80512ba2a0aa27b
Size

44KB
MD5

e0f9d89d9fd2940be80512ba2a0aa27b
SHA1

429d328f49fde9ebac15797d8b080a6771b3124b
SHA256

b51d0539ea222b4bd169d75581597550c231c18e6fcc46cb2c4c0846ab2dc5bf
SHA512

8a4cf582a8a83bbdf1453051f20454a6f148acf4d677764a48d516ea053397e2869a78d357aaf2fd8d1bb5823f6bb3b35311e2599015d009de350f23ba2f8cd7
SSDEEP

384:Pe6O00gT7F0LtQ40D6xKr/CIw6Mdjb8z1YthyYn7Y4GPJQJoDDQTnySlYFH:W1k6LtQ40EKraFdDhH7VGPJQJoSyF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0f9d89d9fd2940be80512ba2a0aa27b

Files

e0f9d89d9fd2940be80512ba2a0aa27b
.exe windows:4 windows x86 arch:x86

3f90c4d459b76985f26252346666bec3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
htons
bind
listen
send
closesocket
accept
WSAAsyncSelect
recv
WSAStartup

kernel32

SetSystemPowerState
ExitProcess
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
WinExec
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
GetVersion
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalAlloc
LCMapStringW
GetCurrentProcess
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

user32

GetMenu
wsprintfA
CheckMenuItem
EnableMenuItem
GetDlgItemTextA
SetDlgItemTextA
EndDialog
CallWindowProcA
DialogBoxParamA
ExitWindowsEx
MessageBoxA
SendMessageA
GetDC
DefWindowProcA
RegisterClassExA
CreateWindowExA
LoadIconA
GetMessageA
TranslateMessage

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
StretchBlt
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

Shell_NotifyIconA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f90c4d459b76985f26252346666bec3

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 3KB