1ef984cd52d482f7d94c9943ec07c66190413c468fcac2b702a298e3846b3d0c

Sharing

Copy URL Twitter E-mail

General

Target

1ef984cd52d482f7d94c9943ec07c66190413c468fcac2b702a298e3846b3d0c
Size

4.7MB
MD5

cc34167228132eff121791355446d2bb
SHA1

2c6d40f94eb189aa3b011f8b7b6d893db95b6333
SHA256

1ef984cd52d482f7d94c9943ec07c66190413c468fcac2b702a298e3846b3d0c
SHA512

de272bac0d68b649d564bea572b0bed30779f9ee0d65078419bd0a1356680f126308e4b4d2cd816dd3d0b315659a43f8b72357c37d38ce62ec1a2139e686e3f6
SSDEEP

98304:F+KJlhOpYrpsj5v/q4OJLnGFcPkr0qyi0mLl5CEYEqV:FbJl9mhzW8r0Ni0QlMEYEW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ef984cd52d482f7d94c9943ec07c66190413c468fcac2b702a298e3846b3d0c

Files

1ef984cd52d482f7d94c9943ec07c66190413c468fcac2b702a298e3846b3d0c
.exe windows:5 windows x86 arch:x86

71bb6ea4ed63797f8fb62805b520c446

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32 kernel32

SetUnhandledExceptionFilter ��J

kernel32

TerminateProcess
GetCurrentProcess
Sleep
CreateThread
GetPrivateProfileIntA
WinExec
lstrcatA
GetModuleFileNameA
ExitProcess
GetCommandLineA
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
CloseHandle
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualFree
GetModuleHandleA
SetFilePointer
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetLastError
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
WriteFile
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
RtlUnwind
GetVersion
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

DispatchMessageA
GetMessageA
TranslateMessage

ws2_32

connect
socket
recv
send
inet_ntoa
htons
inet_addr
WSAStartup
closesocket
WSACleanup

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K4ACS
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K4ACS
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K4ACS
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K4ACS
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71bb6ea4ed63797f8fb62805b520c446

Headers

File Characteristics

Imports

kernel32 kernel32

kernel32

user32

ws2_32

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.K4ACS Size: 480KB - Virtual size: 480KB

.K4ACS Size: 16KB - Virtual size: 16KB

.K4ACS Size: 8KB - Virtual size: 8KB

.K4ACS Size: 4KB - Virtual size: 4KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.K4ACS
Size: 480KB - Virtual size: 480KB

.K4ACS
Size: 16KB - Virtual size: 16KB

.K4ACS
Size: 8KB - Virtual size: 8KB

.K4ACS
Size: 4KB - Virtual size: 4KB