8b06ce8f4f8e517b577ad35fe1b45182d27e11bc3d7bc0039b48a7e5b2554d76

Sharing

Copy URL Twitter E-mail

General

Target

8b06ce8f4f8e517b577ad35fe1b45182d27e11bc3d7bc0039b48a7e5b2554d76
Size

318KB
MD5

a07ca518638349080fa7d0a4b36f55e7
SHA1

c31073f90bc22ef31f936e7b98f848187dbdeca1
SHA256

8b06ce8f4f8e517b577ad35fe1b45182d27e11bc3d7bc0039b48a7e5b2554d76
SHA512

7fe9da9bb2cd63e8f6110ac71f04a49ad81c201effc0210681b3d6e860a93011800e455f614fec4e9994ca18379bed542b327a0c24c57668bb4c5e05e5f9608b
SSDEEP

6144:KazEhbv3dmkd6+z/BNPMGC0Zzt5eMiH1DE3lMQAlPFovatAr3fE:Z+NmkdTd9MX0ZBI1DYl1+PCa6zf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b06ce8f4f8e517b577ad35fe1b45182d27e11bc3d7bc0039b48a7e5b2554d76

Files

8b06ce8f4f8e517b577ad35fe1b45182d27e11bc3d7bc0039b48a7e5b2554d76
.exe windows:5 windows x86 arch:x86

4ee46e252982534c2c79ceced06e1588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WindowsClient\CODE\Release\NetConfig.pdb

Imports

kernel32

WideCharToMultiByte
GetLastError
FormatMessageA
LocalFree
CreateEventW
SetEvent
GetVersionExW
GetModuleFileNameW
GetSystemDirectoryW
CopyFileW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetSystemDirectoryA
LoadLibraryW
WaitForSingleObject
FreeLibrary
CreateMutexW
CreateThread
GetCurrentProcess
GetModuleHandleW
GetModuleHandleA
SetEndOfFile
SignalObjectAndWait
CreateFileW
UnregisterWait
GetThreadPriority
GetStringTypeW
Sleep
CloseHandle
DeleteFileA
GetCurrentThreadId
GetModuleFileNameA
CreateDirectoryA
GetProcAddress
InitializeCriticalSectionAndSpinCount
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
SetStdHandle
HeapReAlloc
CreateTimerQueue
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
UnregisterWaitEx
GetSystemTimeAsFileTime
AreFileApisANSI
MultiByteToWideChar
HeapFree
HeapAlloc
EncodePointer
DecodePointer
ReadFile
GetCommandLineW
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsGetValue
CreateTimerQueueTimer
IsDebuggerPresent
IsProcessorFeaturePresent
MoveFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetProcessHeap
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
SetFilePointer
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
OutputDebugStringW
SwitchToThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
SetThreadPriority
GetTickCount
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SetEnvironmentVariableA

user32

GetWindowTextA
IsWindowVisible
GetWindow
GetWindowLongW
GetClassNameA
SendMessageW
EnumChildWindows
EnumWindows

advapi32

InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl

shell32

SHFileOperationW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathFileExistsW

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindFirstLineW
SetupCopyOEMInfW

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ee46e252982534c2c79ceced06e1588

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

setupapi

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 41KB - Virtual size: 40KB