5489edeb7b470718641b5e6bd504a289d18b5ea3d603169981a7f0b57991a154

Sharing

Copy URL Twitter E-mail

General

Target

5489edeb7b470718641b5e6bd504a289d18b5ea3d603169981a7f0b57991a154
Size

27KB
MD5

20b841626d614031097f1cd9db058c81
SHA1

cdf6730b69decae349fc474addbc46af0b1a197c
SHA256

5489edeb7b470718641b5e6bd504a289d18b5ea3d603169981a7f0b57991a154
SHA512

d7b8b3d4eead1a2fc4733f6197a5f34a623602f542794e225d59a0b99d9af24774445411d04f6f5a308036ba82fcd5ec8d431b9b064557121347a22605f005bd
SSDEEP

768:djzep5BIXF/znXskzV7QpAdFSY0BRwGTgPw6r:JzIBIXNb16ydkYqRfgPw6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5489edeb7b470718641b5e6bd504a289d18b5ea3d603169981a7f0b57991a154

Files

5489edeb7b470718641b5e6bd504a289d18b5ea3d603169981a7f0b57991a154
.exe windows:4 windows x86 arch:x86

39043971f80139ed6abb3e75aa36841f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegisterServiceCtrlHandlerA
RegCloseKey
RegOpenKeyA
StartServiceCtrlDispatcherA
RegQueryValueExA
SetServiceStatus
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RevertToSelf
ImpersonateLoggedOnUser

kernel32

GetLastError
CloseHandle
CreateProcessA
SetStdHandle
LocalAlloc
DeleteCriticalSection
GetStdHandle
LeaveCriticalSection
RtlUnwind
GetSystemDirectoryA
CreateThread
ResumeThread
VirtualAllocEx
OpenProcess
LocalFree
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
InitializeCriticalSection
GetVersion
CopyFileA
TerminateThread
lstrlenA
GetBinaryTypeA
GetCurrentThreadId
VirtualFreeEx
ExitProcess
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeThread
lstrcatA
GetCurrentProcessId
FreeLibrary
ExitThread
RaiseException
lstrcpyA
GetModuleHandleA
SetEvent
CreateEventA
Sleep
lstrcmpiA
ResetEvent
CreateFileA
TerminateProcess
WriteFile
SetFilePointer
GetModuleFileNameA
SetThreadPriority
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA

user32

CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
RegisterClassA
KillTimer
DispatchMessageA
PostMessageA
PostThreadMessageA
PeekMessageA
PostQuitMessage
wsprintfA
DefWindowProcA
wsprintfW

wsock32

inet_addr
ioctlsocket

Exports

Exports

rpcnetp

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39043971f80139ed6abb3e75aa36841f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 480B

.cdata Size: 1024B - Virtual size: 572B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 480B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1KB - Virtual size: 1KB