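PDB path (build-time debug path embedded in the PE): C:\Users\kali\Documents\Visual Studio 2012\Projects\Mining_framework\Release\RaumLoader.pdb
This string is set by whoever built the binary and can be altered, so it is useful for clustering related samples but is not attribution evidence on its own.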
Static task
static1
Behavioral task
behavioral1
Sample
627698faec9a6f3039c1eff47aa876a465a2c0046893d51b31def4946b6c5bac.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
627698faec9a6f3039c1eff47aa876a465a2c0046893d51b31def4946b6c5bac.exe
Resource
win10v2004-20240508-en
General
-
Target
627698faec9a6f3039c1eff47aa876a465a2c0046893d51b31def4946b6c5bac
-
Size
5.2MB
-
MD5
4d277381dd85b973e3c4825cc07fcc26
-
SHA1
384cf17bd8aa82f9ee829b2e8c23ffa21ff74536
-
SHA256
627698faec9a6f3039c1eff47aa876a465a2c0046893d51b31def4946b6c5bac
-
SHA512
32cafa85bc05bee48c3c4139c9ba23a2f878eb893b934ec18389b55e6e865e987448bc4c82084678b17d8b2a1e1fa4923fa6dd0ca5994d33fd72768754e2cef2
-
SSDEEP
98304:g3ouh4S8rIKMqi882jIg10kGoTd4kI8yjf4IJ1oOoMdScvFN72gDDhyq9W2c:fuGIKMqJ8q1x/KR8yjzJmXY72chyqW2c
Malware Config
Signatures
-
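Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This is a weak indicator on its own, since many legitimate executables are also unsigned; weigh it together with the other static and behavioral findings.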
resource 627698faec9a6f3039c1eff47aa876a465a2c0046893d51b31def4946b6c5bac
Files
-
627698faec9a6f3039c1eff47aa876a465a2c0046893d51b31def4946b6c5bac.exe windows:6 windows x86 arch:x86
be3fd2424d008da25222ff5d3a511de2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CloseHandle
CreateDirectoryA
SetFileAttributesA
GetModuleFileNameA
Sleep
CreateFileW
SetEnvironmentVariableA
LoadLibraryW
OutputDebugStringW
WriteFile
GetTickCount
CreateFileA
GetCurrentDirectoryA
DeleteFileA
WriteConsoleW
SetStdHandle
ReadConsoleW
LoadLibraryExW
HeapReAlloc
GetOEMCP
IsValidCodePage
SetFilePointer
GetACP
FreeEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
CreateThread
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
GetModuleFileNameW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
SetEndOfFile
user32
FindWindowExA
SendMessageA
FindWindowA
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetKeyValueA
shell32
ShellExecuteA
ws2_32
socket
recv
gethostbyname
send
WSACleanup
htons
WSAGetLastError
WSAStartup
connect
closesocket
Sections
.text Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ