d25121a968d01c4096fed064d639676ec28ba827380a69918c17d2f8da513345

Sharing

Copy URL

Twitter E-mail

General

Target

d25121a968d01c4096fed064d639676ec28ba827380a69918c17d2f8da513345
Size

17.6MB
MD5

d413d3cb48058c1045278adae26c4723
SHA1

f322618c7d47f817682ab26113c199a8ed05db1d
SHA256

d25121a968d01c4096fed064d639676ec28ba827380a69918c17d2f8da513345
SHA512

aa91547de34192c17c3549fb4acbe88466bc3f6e2c12849d9d1a476f7787e6569ea0ecb781075581640f69e96d324f2d4fe8f5d03ac82ba04f932d298c436b84
SSDEEP

393216:ItAFeYdanCV65QnfXtqovkLsdEkjQquCk7P4C08pMSxBOhgM:It0dlVUQn/0iSk9uxk87Xg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/App_02029.exe

Files

d25121a968d01c4096fed064d639676ec28ba827380a69918c17d2f8da513345
.zip
App_02029.exe
.exe windows:4 windows x86 arch:x86

ac93743ca80c320d4c30b7fd1c9d511f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
GetCommandLineW
GetVersionExA
GetProcAddress
GetStringTypeW
GetDriveTypeA
LoadLibraryA
QueryPerformanceFrequency
FreeEnvironmentStringsW
LCMapStringA
FileTimeToSystemTime
HeapAlloc
GetCurrentProcess
InitializeCriticalSection
MoveFileW
MultiByteToWideChar
GetModuleFileNameA
CompareStringW
GetFullPathNameA
CreateThread
ExitThread
GetACP
HeapDestroy
SetEndOfFile
GetProcessHeap
SetStdHandle
WaitForSingleObject
GetTimeZoneInformation
LeaveCriticalSection
HeapReAlloc
GetCurrentThread
FlushFileBuffers
PeekNamedPipe
SleepEx
MoveFileExA
WaitForMultipleObjects
TerminateProcess
FindClose
VirtualAlloc
ReadFile
SetEnvironmentVariableA
GetSystemDirectoryA
GetEnvironmentStringsW
GetLastError
SetFilePointer
GetStringTypeA
FreeLibrary
DeleteFileA
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapFree
GetCommandLineA
GetModuleHandleA
RtlUnwind
GetVersion
ExitProcess
InterlockedDecrement
HeapCreate
GetLocalTime
GetStartupInfoA
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
GetCPInfo
DeleteCriticalSection
FileTimeToLocalFileTime
GetSystemTime
FindFirstFileA
SetHandleCount
EnterCriticalSection
InterlockedIncrement
GetStdHandle
GetTickCount
GetModuleHandleW
CreateFileA
GetModuleFileNameW
FormatMessageA
Sleep
WideCharToMultiByte
GetFileAttributesA
WriteFile
GetFileSizeEx
GetCurrentProcessId
LCMapStringW
TlsGetValue
SetLastError
GetFileSize
CloseHandle
TlsSetValue
GetCurrentDirectoryA
GetCurrentThreadId
GetOEMCP
CompareStringA
GetStartupInfoW
GetFileInformationByHandle
QueryPerformanceCounter
GetFileType

user32

ShowWindow
EndPaint
GetClientRect
GetWindowRect
PostMessageW
RedrawWindow
SetWindowPos
GetMessageW
RegisterClassExW
MessageBoxA
DispatchMessageW
BeginPaint
PostQuitMessage
FillRect
TranslateMessage
SendMessageA
UpdateWindow
DefWindowProcW
CreateWindowExW
DrawTextW
LoadIconW
GetSystemMetrics

gdi32

SetTextColor
DeleteObject
SetBkMode
CreateSolidBrush

advapi32

CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptImportKey
CryptHashData
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CloseServiceHandle

crypt32

CertCreateCertificateChainEngine
CertFindExtension
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFindCertificateInStore
CertFreeCertificateChain
PFXImportCertStore
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertOpenStore
CertAddCertificateContextToStore
CryptQueryObject
CryptStringToBinaryA
CertCloseStore
CertGetCertificateChain

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord45
ord60
ord22
ord211
ord26
ord143
ord50
ord217

ws2_32

closesocket
send
WSAGetLastError
WSACleanup
WSAStartup
recv
ntohs
getsockname
getpeername
WSASetLastError
getsockopt
setsockopt
connect
WSAIoctl
bind
htons
socket
inet_ntoa
htonl
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
accept
sendto
recvfrom
select
__WSAFDIsSet
ioctlsocket
gethostname
ntohl
listen

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac93743ca80c320d4c30b7fd1c9d511f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

crypt32

wldap32

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 204KB - Virtual size: 200KB

.data Size: 56KB - Virtual size: 75KB

.rsrc Size: 72KB - Virtual size: 68KB

.reloc Size: 52KB - Virtual size: 49KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 204KB - Virtual size: 200KB

.data
Size: 56KB - Virtual size: 75KB

.rsrc
Size: 72KB - Virtual size: 68KB

.reloc
Size: 52KB - Virtual size: 49KB