efe8cdd718b0f19eeb0e8ea20ff57e341bdea792e49b912b8c789e1c495ff876

Sharing

Copy URL Twitter E-mail

General

Target

efe8cdd718b0f19eeb0e8ea20ff57e341bdea792e49b912b8c789e1c495ff876
Size

52KB
MD5

b5cedcc628ff5946f379bc7caf2ef243
SHA1

0ec1a5f3e8f8ccd5889ed6f0fc14d65e1c057589
SHA256

efe8cdd718b0f19eeb0e8ea20ff57e341bdea792e49b912b8c789e1c495ff876
SHA512

38b053de967e58dc382303bf5410f6335c09f85ba6392db1b6fc8ffe7a10089d16cb021c7cf91ce7c22df6fe17d276e3cbefab31d7da08b424f0427fc21a296d
SSDEEP

768:ZjQn/FRr4+xu33pRAmQTl6aF+i756cvlO:untRr+5q1pBocvlO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe8cdd718b0f19eeb0e8ea20ff57e341bdea792e49b912b8c789e1c495ff876

Files

efe8cdd718b0f19eeb0e8ea20ff57e341bdea792e49b912b8c789e1c495ff876
.exe windows:4 windows x86 arch:x86

f690849beeb36157d49229f8d6a809cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
SetFileAttributesA
GetCurrentProcess
WideCharToMultiByte
CreateMutexA
CompareStringA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
GetVersion
GetStartupInfoA
RtlUnwind
LocalAlloc
GetSystemDirectoryA
GetModuleHandleA
IsBadStringPtrA
GetLocalTime
lstrcmpiA
GetVersionExA
GlobalMemoryStatus
GetComputerNameA
GetStringTypeW
GetLastError
GetCurrentThreadId
GetShortPathNameA
LoadLibraryA
FreeLibrary
GetProcAddress
lstrcpyA
GetTempPathA
GetWindowsDirectoryA
lstrcatA
GetFileAttributesA
DeleteFileA
LocalFree
lstrlenA
IsBadReadPtr
IsBadWritePtr
CreateThread
lstrcpynA
GetCommandLineA
WaitForSingleObject
GetTickCount
Sleep
GetModuleFileNameA
ExitProcess

user32

CloseDesktop
wvsprintfA
PeekMessageA
DispatchMessageA
TranslateMessage
wsprintfA
GetUserObjectInformationA
OpenInputDesktop

advapi32

CreateServiceA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus
ControlService
DeleteService
GetUserNameA
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA

shell32

ShellExecuteA

ws2_32

getpeername
ntohs
send
recv
WSAGetLastError
inet_addr
gethostbyaddr
gethostbyname
htons
connect
inet_ntoa
WSACreateEvent
socket
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACleanup
WSAStartup
closesocket

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f690849beeb36157d49229f8d6a809cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB