409c2752220c862424a2465462ac4fb985079dfff9ded540843d5b0ab3261cc8

General

Target

409c2752220c862424a2465462ac4fb985079dfff9ded540843d5b0ab3261cc8
Size

80KB
MD5

1c6bcaa2482014eac7dbe7d9bf5723a2
SHA1

a879f6f85e0515b744bc9a8f1ae5f183db65116a
SHA256

409c2752220c862424a2465462ac4fb985079dfff9ded540843d5b0ab3261cc8
SHA512

ddef1447dbe5206ab2e18cc6f9b6bb7ca9b451d1f72e4c06b10dbe21aab44da7dad4c6efb4a488e3fe48a0f496b0f7c455782becc37f53f90245b45b4f9e917a
SSDEEP

1536:/WTayXbu8O88TrD1yfqngrk58oi8mnHbRJ:OayXbuF88TkfqngPnHtJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409c2752220c862424a2465462ac4fb985079dfff9ded540843d5b0ab3261cc8

Files

409c2752220c862424a2465462ac4fb985079dfff9ded540843d5b0ab3261cc8
.exe windows:4 windows x86 arch:x86

e8f6293270e2bfabd0b07a5c3424ddf4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateProcessA
GetStartupInfoA
GetModuleHandleA

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
_controlfp
_strlwr
_acmdln
exit
_XcptFilter
_exit
_except_handler3
_filelength
gmtime
_findnext
strtok
strrchr
sprintf
_findfirst
_findclose
fopen
fwrite
fclose
free
malloc
fprintf
getenv
strncpy
atoi
_setmode
_iob
wcstombs
mbstowcs
??2@YAPAXI@Z
_mbscmp
__CxxFrameHandler
??3@YAXPAX@Z
time
fread
__set_app_type
strchr
_memicmp
__getmainargs
_strupr

mfc42

ord6143
ord801
ord6394
ord5450
ord6383
ord5440
ord5710
ord4202
ord4278
ord354
ord5186
ord665
ord6385
ord1979
ord533
ord5194
ord5465
ord1997
ord798
ord4204
ord537
ord6282
ord6283
ord6779
ord2764
ord4277
ord2763
ord6877
ord535
ord860
ord4129
ord926
ord924
ord858
ord941
ord939
ord6663
ord540
ord2614
ord800
ord3663
ord541

wsock32

WSACleanup
gethostname
WSAStartup

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8f6293270e2bfabd0b07a5c3424ddf4

Headers

File Characteristics

Imports

kernel32

msvcrt

mfc42

wsock32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 12KB