3a08de782db87287000911f3d2ef2c4e190d74aa9430f0f1ef9e778859abc59b

Sharing

Copy URL Twitter E-mail

General

Target

3a08de782db87287000911f3d2ef2c4e190d74aa9430f0f1ef9e778859abc59b
Size

2.0MB
MD5

148ed8c552775829d1fb8255be0caa60
SHA1

c958b0abdf4b6f0a8417425ccc0aea969f40d572
SHA256

3a08de782db87287000911f3d2ef2c4e190d74aa9430f0f1ef9e778859abc59b
SHA512

965ef11a8dd909353cee9c1b8b4a1acb757074ce438c42d71e6a52a9f83f860e533932ffa0635d809abc6f55861acc23183eddda2c44c456a4bd28b058023c7a
SSDEEP

49152:SjkPjZCFuEned7sC3KOfYeCojbITPaP4W87no:SjsjZCF7Yt3KOgXT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a08de782db87287000911f3d2ef2c4e190d74aa9430f0f1ef9e778859abc59b

Files

3a08de782db87287000911f3d2ef2c4e190d74aa9430f0f1ef9e778859abc59b
.exe windows:6 windows x86 arch:x86

15f85bad93be1a7f7449db6cdbaa995b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\visual studio 2015\Projects\ED008_udp\Release\ED008.pdb

Imports

ws2_32

getservbyname
gethostbyname
__WSAFDIsSet
WSASend
WSARecv
WSASetLastError
accept
getsockopt
getsockname
getpeername
ioctlsocket
freeaddrinfo
getaddrinfo
WSAIoctl
gethostname
inet_ntoa
ntohs
ntohl
inet_addr
inet_pton
WSAGetLastError
WSACleanup
WSAStartup
socket
setsockopt
sendto
send
recvfrom
recv
listen
htons
connect
closesocket
bind
htonl
inet_ntop
select
shutdown

iphlpapi

ConvertInterfaceIndexToLuid
GetAdaptersInfo
GetAdaptersAddresses
ConvertInterfaceLuidToAlias
GetIfEntry

advapi32

DeregisterEventSource
RegCloseKey
RegOpenKeyExA
ReportEventA
RegQueryValueExA
RegisterEventSourceA

wldap32

ord143
ord46
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60

kernel32

GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
SleepEx
Sleep
CreateThread
FindFirstFileW
GetTickCount
lstrlenW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetLocalTime
CreateDirectoryW
DeleteFileW
FindNextFileW
GetLastError
ExitProcess
GetModuleHandleW
GetCommandLineW
ReadFile
WriteFile
QueryDosDeviceA
UnregisterWait
FormatMessageA
GetSystemTimeAsFileTime
OutputDebugStringA
GetCurrentProcessId
SwitchToThread
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
CreateEventA
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
GetCurrentThreadId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalFree
CreateWaitableTimerA
VerifyVersionInfoA
GetProcAddress
FreeLibrary
GetTickCount64
InitializeCriticalSectionEx
GetSystemDirectoryA
LoadLibraryA
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
MultiByteToWideChar
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SystemTimeToFileTime
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
RaiseException
CreateTimerQueue
LCMapStringW
DecodePointer
EncodePointer
TryEnterCriticalSection
QueryPerformanceFrequency
GetExitCodeThread
GetCurrentThread
DuplicateHandle
FormatMessageW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
CreateEventW
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

DefWindowProcA
RegisterClassExA
SetWindowPos
SetDlgItemTextW
SetDlgItemTextA
wsprintfA
CallWindowProcW
IsDialogMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
SetWindowLongW
DrawFocusRect
MessageBoxA
EndPaint
BeginPaint
EnableWindow
SendDlgItemMessageA
CheckDlgButton
CreateDialogParamW
ShowWindow
DestroyWindow
PostQuitMessage
DefWindowProcW
ReleaseDC
GetDC
PtInRect
GetProcessWindowStation
GetUserObjectInformationW
GetWindowRect
LoadBitmapW
DrawTextW
InvalidateRect
KillTimer
GetWindowLongA
wsprintfW
SendDlgItemMessageW
MessageBoxW
SendMessageA
SendMessageW
GetDlgItem
GetDlgItemTextA
SetTimer
EndDialog

gdi32

SetTextColor
MoveToEx
SelectObject
LineTo
GetTextExtentPoint32W
DeleteObject
CreatePen
CreateFontW
Ellipse
GetStockObject
SetDCBrushColor
GetTextMetricsW
TextOutW
SetBkColor
CreateCompatibleDC
BitBlt
DeleteDC

comdlg32

GetOpenFileNameW

shell32

CommandLineToArgvW

comctl32

ord17
InitCommonControlsEx

vcruntime140

__std_type_info_compare
_CxxThrowException
__CxxFrameHandler3
memchr
wcsstr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__uncaught_exception
__std_exception_destroy
strchr
__AdjustPointer
__processing_throw
__current_exception
__RTDynamicCast
__std_exception_copy
__std_terminate
_purecall
strrchr
memmove
strstr
memcpy
memset

api-ms-win-crt-heap-l1-1-0

_malloc_base
calloc
free
realloc
malloc
_free_base
_calloc_base
_callnewh
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

fopen
fgetc
fwrite
_lseeki64
fseek
_open
setvbuf
__stdio_common_vsscanf
fclose
__p__commode
__stdio_common_vswprintf
ferror
_wfopen
__stdio_common_vsprintf
fread
_fileno
_setmode
ungetc
__stdio_common_vswprintf_s
ftell
_fseeki64
rewind
fsetpos
fgetpos
_get_stream_buffer_pointers
__acrt_iob_func
fflush
fputc
fputs
__stdio_common_vfprintf
feof
_write
_read
_close
_set_fmode
fgets

api-ms-win-crt-string-l1-1-0

strncmp
_wcsdup
strncpy
isxdigit
isprint
isspace
isalnum
__strncnt
strcmp
strtok
isdigit
tolower
strnlen
isalpha
isgraph
_strnicmp
islower
isupper
_stricmp
_strdup
strpbrk
strncat

api-ms-win-crt-convert-l1-1-0

mbstowcs
atoi
wcstombs
strtoll
strtol
mbtowc
wctomb
atof
strtoul

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_invalid_parameter_noinfo_noreturn
exit
_register_onexit_function
_crt_atexit
raise
_initialize_onexit_table
abort
_invalid_parameter_noinfo
_exit
_errno
_initterm_e
_c_exit
terminate
_register_thread_local_exe_atexit_callback
_beginthreadex
_configure_wide_argv
signal
strerror
_wassert
_initialize_wide_environment
_cexit
_set_app_type
_initterm
_get_wide_winmain_command_line
__sys_nerr
_seh_filter_exe

api-ms-win-crt-environment-l1-1-0

getenv
_wgetcwd

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64i32
_unlock_file
_stat64
_fstat64

api-ms-win-crt-time-l1-1-0

_ctime64_s
_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-math-l1-1-0

__setusermatherr
_CIsqrt
_libm_sse2_log10_precise
_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
_except1
_CIexp

api-ms-win-crt-locale-l1-1-0

_unlock_locales
__pctype_func
___lc_locale_name_func
___lc_codepage_func
setlocale
___mb_cur_max_func
_lock_locales
_configthreadlocale

api-ms-win-crt-conio-l1-1-0

_getch

dante_dnssd

TXTRecordGetValuePtr
DNSServiceRefDeallocate
DNSServiceResolve
DNSServiceQueryRecord
TXTRecordContainsKey
DNSServiceBrowse
DNSServiceReconfirmRecord
DNSServiceConstructFullName
DNSServiceProcessResult
DNSServiceRefSockFD

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15f85bad93be1a7f7449db6cdbaa995b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

advapi32

wldap32

kernel32

user32

gdi32

comdlg32

shell32

comctl32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-conio-l1-1-0

dante_dnssd

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 383KB - Virtual size: 382KB

.data Size: 45KB - Virtual size: 1.2MB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 127KB - Virtual size: 127KB

.reloc Size: 79KB - Virtual size: 78KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 383KB - Virtual size: 382KB

.data
Size: 45KB - Virtual size: 1.2MB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 127KB - Virtual size: 127KB

.reloc
Size: 79KB - Virtual size: 78KB