PDB Path: D:\workspace\BarServer\src\ToolKit\DownHelper\Release\ServerPatch.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: b4373371338501644ecc497009396913e8e39ef2ea8cbfc9e4072155efc41b5a.exe, Resource: win7-20231129-en)
Behavioral task: behavioral2 (Sample: b4373371338501644ecc497009396913e8e39ef2ea8cbfc9e4072155efc41b5a.exe, Resource: win10v2004-20240419-en)
General
Target: b4373371338501644ecc497009396913e8e39ef2ea8cbfc9e4072155efc41b5a
Size: 560KB
MD5: fdcca717a1716afdfffe7633c69ec244
SHA1: 4a4d8750f86e1acd06fa728c149a21f5b0c85b27
SHA256: b4373371338501644ecc497009396913e8e39ef2ea8cbfc9e4072155efc41b5a
SHA512: 5b595c721a5c26854bb7169d44b514b4a3b52bec97e79ea891920369702814b1da3467b5c64da1b8a769ee9111e5da7af91c0252f92a22bbe0927579ec625ce9
SSDEEP: 12288:ZD2M/TVdEn+bJq6JyGGY9Z1NcXysHsS1Pn3mL+G1jTdYxFktwo3fu5svvx6n:ZD2MJIvCsM0nujTdwYdu58vC
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: b4373371338501644ecc497009396913e8e39ef2ea8cbfc9e4072155efc41b5a
Files
b4373371338501644ecc497009396913e8e39ef2ea8cbfc9e4072155efc41b5a.exe windows:5 windows x86 arch:x86
f092f5447cefa2c04620499f2855cb7d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
iocptcp
TcpUninit
TcpInit
TcpDestroy
TcpGetLinkAddr
kernel32
SetUnhandledExceptionFilter
GetLocalTime
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcessId
DeleteFileA
GetModuleFileNameW
FindFirstFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindNextFileW
GetTickCount
SetEvent
lstrlenA
QueryDosDeviceA
lstrcatA
lstrcmpiA
GetProcAddress
SetFileAttributesA
lstrcpyA
WaitForSingleObject
WriteFile
ReadFile
CreateProcessA
CopyFileA
MoveFileA
ProcessIdToSessionId
LocalAlloc
LocalFree
WriteConsoleW
SetStdHandle
HeapReAlloc
FreeEnvironmentStringsW
GetPrivateProfileStringA
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
GetLastError
GetLogicalDriveStringsA
TerminateProcess
CreateEventA
Sleep
OpenProcess
Process32First
GetCurrentProcess
DeleteFileW
GetEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryW
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetEndOfFile
GetTimeFormatW
GetDateFormatW
ExitThread
CreateSemaphoreW
GetStartupInfoW
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FindFirstFileExW
GetFileAttributesExW
AreFileApisANSI
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
GetCPInfo
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
RaiseException
HeapAlloc
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCommandLineA
RtlUnwind
CreateDirectoryW
SetEnvironmentVariableA
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
user32
TranslateMessage
GetMessageA
DispatchMessageA
wsprintfA
PeekMessageA
advapi32
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
DuplicateTokenEx
GetSecurityInfo
GetAce
SetSecurityDescriptorDacl
SetTokenInformation
InitializeSecurityDescriptor
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
CreateProcessAsUserA
OpenProcessToken
ws2_32
ntohl
gethostbyname
htonl
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
psapi
GetProcessImageFileNameA
wininet
InternetReadFile
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetCloseHandle
InternetCrackUrlA
HttpAddRequestHeadersA
HttpOpenRequestA
shlwapi
PathFileExistsA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSEnumerateSessionsA
Sections
.text Size: 426KB - Virtual size: 425KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ