e2304b7b0c43160f41a21235da8ba5bd

Sharing

Copy URL Twitter E-mail

General

Target

e2304b7b0c43160f41a21235da8ba5bd
Size

167KB
MD5

e2304b7b0c43160f41a21235da8ba5bd
SHA1

364b933911597c6021c6352b2195802d7ece54b8
SHA256

72cef057c7086c8e4fc1132a8a664704e92d7c5ea0bd74e5feccc6fef94950dd
SHA512

01b8db409eb78ce56338890f2c2ed1ade4f0038388ba3177b8225ee875454ec233da01f9a8941842f256b14c80d1fe7d10d58f43817880616d7ae02a6bb3e53b
SSDEEP

3072:++JnsqBP7zmzv3KeJV+Kz7be8kZRrNqim8y9kp5xosjg:++JD8aWA8be8GrNU8ychjg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2304b7b0c43160f41a21235da8ba5bd

Files

e2304b7b0c43160f41a21235da8ba5bd
.exe windows:5 windows x86 arch:x86

9bd0cf31c8726c67a1e3c8dd700ac0e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError
CreateThread
GetModuleFileNameA
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CloseHandle
CreateFileA
FindClose
FindFirstFileA
DeleteFileA
SetFileAttributesA
TerminateProcess
OpenProcess
lstrcmpiA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrcmpA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
GetFileAttributesA
GetTempPathA
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
GetVersionExA
GetLocalTime
ExitProcess
GetCurrentProcessId
CopyFileA
WaitForSingleObject
CreateMutexA
GetCurrentProcess
GetLocaleInfoA
TerminateThread
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
HeapSize
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
SetHandleCount
GetFileType
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

ws2_32

inet_ntoa
sendto
getsockname
htonl
setsockopt
ioctlsocket
bind
listen
accept
recv
WSAStartup
inet_addr
htons
connect
closesocket
WSACleanup
socket
send
select
__WSAFDIsSet
WSAGetLastError

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bd0cf31c8726c67a1e3c8dd700ac0e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 10KB - Virtual size: 319KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 10KB - Virtual size: 319KB

.rsrc
Size: 512B - Virtual size: 436B