1b95ce7bdd71015d491778a00f78a983de7df9302a7ed710045414b594986083

Sharing

Copy URL

Twitter E-mail

General

Target

1b95ce7bdd71015d491778a00f78a983de7df9302a7ed710045414b594986083
Size

271KB
MD5

650ed417dad2d5f43047f65f62697d5f
SHA1

785c0e3ff72a5e186738e25e9a9a171f69ae7bde
SHA256

1b95ce7bdd71015d491778a00f78a983de7df9302a7ed710045414b594986083
SHA512

a5fea8f692a08e454a35e25f471caf22b70ce51b94c351820ef68228ccf421889ca912fc57b38e9be7193e6f84bc881b40bd464d520ca2c462280f592e322227
SSDEEP

3072:IHm5VkLh0DBrmSkufV9QpZKopABU5UN1dCBniMX/shz:Sm5HBTkufV9QpZtdBnni

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b95ce7bdd71015d491778a00f78a983de7df9302a7ed710045414b594986083

Files

1b95ce7bdd71015d491778a00f78a983de7df9302a7ed710045414b594986083
.exe windows:6 windows x64 arch:x64

7240e6efa64d140f69069b5b51197ffc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\ping\x64\Debug\ping.pdb

Imports

mfc140ud

ord2834
ord4317
ord4329
ord4231
ord13779
ord3756
ord3877
ord3876
ord4460
ord13732
ord3160
ord14938
ord6989
ord15708
ord8192
ord9563
ord6044
ord13294
ord5204
ord8020
ord15552
ord16680
ord16774
ord9216
ord16768
ord3540
ord5225
ord11172
ord6789
ord5239
ord5762
ord5701
ord5686
ord5748
ord5793
ord5716
ord5771
ord5787
ord5728
ord5734
ord5740
ord5722
ord5777
ord5710
ord2011
ord1990
ord2004
ord1978
ord1956
ord13888
ord13892
ord15915
ord3757
ord15359
ord13213
ord8183
ord4592
ord3035
ord5227
ord10424
ord16766
ord13522
ord4350
ord13696
ord10606
ord13303
ord13302
ord6607
ord11776
ord11772
ord11774
ord11775
ord11773
ord16917
ord9555
ord11742
ord3799
ord3802
ord3652
ord3651
ord3914
ord3913
ord11965
ord12957
ord12559
ord1495
ord2874
ord4872
ord10679
ord3242
ord8541
ord7305
ord13739
ord12582
ord378
ord2558
ord9817
ord7671
ord481
ord13784
ord10705
ord267
ord5937
ord1652
ord2829
ord13681
ord2764
ord2536
ord9877
ord4988
ord2970
ord1584
ord9776
ord13870
ord11926
ord14741
ord14674
ord5333
ord9284
ord9693
ord6272
ord2839
ord14256
ord14255
ord16767
ord9215
ord16773
ord10873
ord4671
ord4609
ord14760
ord9236
ord2356
ord13568
ord13567
ord16636
ord14245
ord9287
ord16845
ord7476
ord16847
ord7478
ord16846
ord7477
ord15965
ord1083
ord7998
ord4365
ord6962
ord13862
ord9564
ord13880
ord13830
ord1164
ord1201
ord4611
ord6110
ord6501
ord6759
ord10825
ord6469
ord6762
ord6113
ord6331
ord6092
ord8978
ord8979
ord8968
ord6329
ord9568
ord11737
ord10678
ord4747
ord951
ord8008
ord9871
ord292
ord302
ord9517
ord1863
ord8722
ord10501
ord16524
ord1163
ord1024
ord1133
ord14982
ord1640
ord1630
ord1638
ord8880
ord11869
ord1631
ord2740
ord15769
ord1203
ord2581
ord12545
ord2736

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetLastError
GetLastError
GetProcessHeap
OutputDebugStringW
MultiByteToWideChar
CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
WideCharToMultiByte
FreeLibrary
VirtualQuery
TerminateProcess
GetCurrentProcess
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
DecodePointer

user32

UnregisterClassW
GetSystemMetrics
PostQuitMessage
PeekMessageW

gdi32

DeleteDC

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

ws2_32

gethostbyname
socket
sendto
select
recvfrom
inet_ntoa
WSAStartup
WSAGetLastError

vcruntime140d

memset
__current_exception
__current_exception_context
__std_type_info_destroy_list
__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
__C_specific_handler
memcpy

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

__stdio_common_vsnwprintf_s
free
malloc
_CrtDbgReportW
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
_CrtDbgReport
_invalid_parameter
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
__stdio_common_vswprintf_s
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
_c_exit
wcslen
wcscpy_s
__stdio_common_vswprintf

Sections

.textbss
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7240e6efa64d140f69069b5b51197ffc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140ud

kernel32

user32

gdi32

comctl32

oleaut32

gdiplus

ws2_32

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 67KB

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 1KB - Virtual size: 14KB

.pdata Size: 16KB - Virtual size: 16KB

.idata Size: 11KB - Virtual size: 11KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 67KB

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 1KB - Virtual size: 14KB

.pdata
Size: 16KB - Virtual size: 16KB

.idata
Size: 11KB - Virtual size: 11KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 3KB