e18a24e6666ec0080bec6c2831a57af9

Sharing

Copy URL

Twitter E-mail

General

Target

e18a24e6666ec0080bec6c2831a57af9
Size

124KB
MD5

e18a24e6666ec0080bec6c2831a57af9
SHA1

8d99c3bd808652dcf9782b8f175b3573e9487c45
SHA256

48519bd9d63b0f1e24dd67fec60d7f225cd8a24e39a724dfa3b9fa134a510fb2
SHA512

56888d7af8070ec09cae4b5691106cec4cf0132ac89432933e6af56e12423859ffe2268159a36dbee93aa900c33a011f0c48a0a6f26e400345ccda5a1ff00e15
SSDEEP

3072:tIDDMzDZYq0VZRogJF/G/PQqqAFIiSPZo3j6F:t18RogJlGZI1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e18a24e6666ec0080bec6c2831a57af9

Files

e18a24e6666ec0080bec6c2831a57af9
.exe windows:4 windows x86 arch:x86

2e6c14b545a8d28a59bf2ceab9712f17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
inet_addr
__WSAFDIsSet
select
gethostbyname
socket
recv
send
ioctlsocket
htons
connect
WSACleanup
closesocket

kernel32

GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
lstrlenA
GetVersion
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
FreeLibrary
LoadLibraryA
GetProcessVersion
GlobalLock
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentProcess
SetFilePointer
FlushFileBuffers
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
HeapSize
HeapReAlloc
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
LeaveCriticalSection
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
lstrcpynA
SetLastError
GetModuleFileNameA
CopyFileA
SetFileAttributesA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateThread
GetTickCount
GetTempPathA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
CreateProcessA
CreateEventA
SetEvent
CreateThread
Sleep
GetWindowsDirectoryA
FormatMessageA
WaitForSingleObject
WriteFile
ReleaseMutex
CreateMutexA
LocalAlloc
CreateFileA
GetFileSize
ReadFile
LocalFree
GetLastError
CloseHandle
lstrcmpA
CreateDirectoryA

advapi32

ChangeServiceConfig2A
GetUserNameA
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCloseKey
OpenServiceA
StartServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

comctl32

ord17

user32

CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetDlgCtrlID
GetWindowTextA
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
RemovePropA
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
LoadStringA
UnhookWindowsHookEx
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
GetMessageTime
GetMessagePos
ReleaseDC
GetForegroundWindow

gdi32

SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetWindowExtEx
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e6c14b545a8d28a59bf2ceab9712f17

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

wininet

comctl32

user32

gdi32

winspool.drv

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 25KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 25KB