bc5896f60273b73038204fca1cb47168d6cd144d80903d4e6157b591d754ad31

Sharing

Copy URL Twitter E-mail

General

Target

bc5896f60273b73038204fca1cb47168d6cd144d80903d4e6157b591d754ad31
Size

22KB
MD5

704fe2fc42c56735b69ccd0ea0155ccd
SHA1

5434e1175d1e9f3dc49ceb4cf3118f920422fe3b
SHA256

bc5896f60273b73038204fca1cb47168d6cd144d80903d4e6157b591d754ad31
SHA512

e42e7fe5ee494817aa233e1ac84d809fd1f93c53fed1bf724188ab4181cd25a0223f9a7efe5039d906937e61758db521e56aa18e9ae9e749723cab1bf4f6a295
SSDEEP

384:VI//FVDdMzzepy5+a/goZM1skGrlWjOxoSpDCdRbCFV5G5E8eELmEc/n7gC:VI//FZuXeR0Q1s9ZpywCdhC5G5E8eE6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc5896f60273b73038204fca1cb47168d6cd144d80903d4e6157b591d754ad31

Files

bc5896f60273b73038204fca1cb47168d6cd144d80903d4e6157b591d754ad31
.exe windows:5 windows x86 arch:x86

d53e6621972f656728af405e045d3931

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Arena\RobotNet\FileTransferStream\Release\FileTransfer.pdb

Imports

ws2_32

WSAGetLastError
WSACloseEvent
WSAStartup
WSACleanup
htons
WSASocketW
inet_addr
gethostbyname
WSAConnect
shutdown
WSACreateEvent
WSAEventSelect
closesocket
WSASend
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSARecv

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteW
SHGetFolderPathW

advapi32

ConvertSidToStringSidW
LookupAccountNameW

secur32

GetUserNameExW

ntdll

memset

shlwapi

PathFindFileNameW
StrCmpNIW

kernel32

lstrlenA
lstrcpynA
lstrcatA
GetFileAttributesW
GetModuleFileNameW
WriteFile
lstrlenW
CreateDirectoryW
CreateFileW
GetFileSize
VirtualAlloc
ExitProcess
DeleteFileW
GetSystemInfo
CreateIoCompletionPort
GetProcessHeap
CopyFileW
GetModuleHandleW
GetLastError
GetQueuedCompletionStatus
ReadFile
VirtualFree
lstrcatW
FindFirstFileW
lstrcmpW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapCreate
HeapAlloc
HeapFree
GetProcAddress
PostQueuedCompletionStatus
lstrcpyW
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
SetEvent
lstrcpyA
Sleep
WaitForSingleObject
FindClose
FindNextFileW
CloseHandle

user32

wsprintfA
wsprintfW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d53e6621972f656728af405e045d3931

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

shell32

advapi32

secur32

ntdll

shlwapi

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 192B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 770B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 192B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 770B