e24719d1a6950b2fd309848aebf27938

Sharing

Copy URL Twitter E-mail

General

Target

e24719d1a6950b2fd309848aebf27938
Size

175KB
MD5

e24719d1a6950b2fd309848aebf27938
SHA1

a150ace0003e69e07ab2793c2a344fa7d74b1222
SHA256

791e0d36eb30873d682972676e834eaecfeda1bfde77f361e552d93e258e8b97
SHA512

2a06b970b5f900ebc95c5f383d94529bc66ece6205f17a28cf2774b36cb6f2f5decc981aae4bcc43b3bba9d1bc2ae80a69dd2c8fa340e51e4d99420d685e8514
SSDEEP

3072:GGHkqU3gwqFDb/l1jzmg22/dBrJBDdpRWmhBl:XkPgwqFDb/jzfzZptB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e24719d1a6950b2fd309848aebf27938

Files

e24719d1a6950b2fd309848aebf27938
.exe windows:4 windows x86 arch:x86

539a57397d40ae56c7bf9b50bee1f3db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\ashwini\My Documents\Visual Studio Projects\Sneaky Listener\404SearchSetup\Release\404SearchSetup.pdb

Imports

shfolder

SHGetFolderPathA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

setupapi

SetupIterateCabinetA

shlwapi

PathCombineA

kernel32

FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryA
CompareStringA
CompareStringW
lstrcpyA
lstrcatA
FormatMessageA
DeleteFileA
SetCurrentDirectoryA
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
SetEndOfFile
ReadFile
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
CreateDirectoryA
GetStartupInfoA
GetCommandLineA
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
SetEnvironmentVariableA
SetEnvironmentVariableW
CloseHandle
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

539a57397d40ae56c7bf9b50bee1f3db

Headers

File Characteristics

PDB Paths

Imports

shfolder

wininet

setupapi

shlwapi

kernel32

advapi32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 48KB - Virtual size: 47KB