e1735765ebac2d3a4e2f798c0d27904d

Sharing

Copy URL Twitter E-mail

General

Target

e1735765ebac2d3a4e2f798c0d27904d
Size

184KB
MD5

e1735765ebac2d3a4e2f798c0d27904d
SHA1

3468e68317fb8726b7935719176174b40c837e7f
SHA256

f3566c1a1f77193dc2afaf735f63ead5eea72e4e5dd6d1654de3cc7a2da92731
SHA512

76ba3d34f490ab4dec3a3c1f2e3c669f81f8024a62036bcdf6bf5966a111ddf5d62e1021e1f909287eb254a5b63c45b32c539ebbbf7c635f53a57813f1583bff
SSDEEP

3072:GD2vIrcdt1IWr5qCB58PzSTEkNMtMk4iTxcC7YIiBD2vIrcdN:y2acdt1IW9qW5q2THMChp2acdN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1735765ebac2d3a4e2f798c0d27904d

Files

e1735765ebac2d3a4e2f798c0d27904d
.exe windows:4 windows x86 arch:x86

9681fb288872980c4c7f68eb8719ed60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
send
recv
inet_addr
htons
connect
closesocket
WSAStartup
WSASocketA
WSAGetLastError
WSACleanup
WSAAsyncSelect

advapi32

AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
DeleteService
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FlushFileBuffers
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
MultiByteToWideChar
OpenEventA
OpenMutexA
OpenProcess
RaiseException
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetPriorityClass
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcpyA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord16
ord17

comdlg32

GetFileTitleA

gdi32

BitBlt
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetDeviceCaps
GetMapMode
GetObjectA
SelectObject
SetBkMode
SetMapMode
StretchBlt
TextOutA

shell32

Shell_NotifyIconA

user32

BeginPaint
ChangeDisplaySettingsA
CreateDialogParamA
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
EnumDisplaySettingsA
EnumThreadWindows
EnumWindows
ExitWindowsEx
FindWindowA
GetDlgItem
GetIconInfo
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InvalidateRgn
IsDlgButtonChecked
IsWindowVisible
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MessageBoxA
MoveWindow
PostMessageA
PostQuitMessage
RegisterClassExA
RegisterHotKey
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
TranslateMessage
UnhookWindowsHookEx
UnregisterHotKey
wsprintfA

winmm

mciSendCommandA
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerSetControlDetails

Exports

Exports

@@Proclog@Finalize
@@Proclog@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9681fb288872980c4c7f68eb8719ed60

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

version

comctl32

comdlg32

gdi32

shell32

user32

winmm

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 76KB

.data Size: 22KB - Virtual size: 32KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 8KB

.reloc Size: 33KB - Virtual size: 36KB

.text
Size: 74KB - Virtual size: 76KB

.data
Size: 22KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 33KB - Virtual size: 36KB