723ff1cf18f499e6f50e5d93b7bc00874f7a3748c5e4e557767ae2402283671d

Sharing

Copy URL Twitter E-mail

General

Target

723ff1cf18f499e6f50e5d93b7bc00874f7a3748c5e4e557767ae2402283671d
Size

23KB
MD5

48e8673f62c89d4372f4ece6f5686241
SHA1

7696f49074710e279081dbd4b57cd2c3f44e5572
SHA256

723ff1cf18f499e6f50e5d93b7bc00874f7a3748c5e4e557767ae2402283671d
SHA512

b2bdb2d43648833bfc8be1966b190fca79e1ec0d62f5471c4e1c94531050268bd60914dc85f4020563cc05a50badd7ae6b47ae5e8e521b90fad10f87a09da74a
SSDEEP

384:r+0aeGaqcbd77QoqGpL0hPDISpAEAGuWHOXnm+8BW10:keEi77Q3AL0hbLauuJm+820

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
723ff1cf18f499e6f50e5d93b7bc00874f7a3748c5e4e557767ae2402283671d

Files

723ff1cf18f499e6f50e5d93b7bc00874f7a3748c5e4e557767ae2402283671d
.exe windows:4 windows x86 arch:x86

616d2522c90e36f79c4cc6c5d65fb18a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GlobalMemoryStatus
GetVersionExW
TerminateProcess
WriteFile
WideCharToMultiByte
WaitForSingleObject
ReadFile
PeekNamedPipe
lstrcatW
GetWindowsDirectoryW
GetTickCount
lstrcpyA
lstrcatA
lstrlenA
Sleep
GetPrivateProfileStructW
CreateThread
WritePrivateProfileStructW
GlobalFree
LeaveCriticalSection
lstrcmpA
EnterCriticalSection
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoW
CreateProcessW
CloseHandle
GetStartupInfoA
GetModuleHandleA
DeleteFileW
GetModuleHandleW
GetProcAddress
GetVolumeInformationW
FindFirstFileW
lstrcmpW
lstrlenW
FindNextFileW
FindClose
lstrcpyW
GetDriveTypeW
GetModuleFileNameW
GetDiskFreeSpaceExW

advapi32

GetUserNameW

shell32

ShellExecuteW

ws2_32

inet_addr
gethostname
gethostbyname
shutdown
WSAIoctl
setsockopt
htons
select
WSAGetLastError
send
recv
inet_ntoa
htonl
WSACleanup
WSAStartup
ntohs
connect
bind
socket
closesocket

shlwapi

PathIsDirectoryW
PathAppendW
StrStrIA
PathRenameExtensionW
PathIsRelativeW
PathUnquoteSpacesW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveArgsW
PathGetArgsW
StrChrA
StrStrA

msvcrt

_filelength
_fileno
_strnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
time
atoi
sprintf
strncpy
srand
rand
wcscpy
malloc
free
_snprintf
wcsncpy
_wfopen
fseek
fwrite
fflush
fclose
fread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

netapi32

NetApiBufferFree
NetUserGetInfo
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

iphlpapi

GetAdaptersInfo

rasapi32

RasGetProjectionInfoW
RasEnumConnectionsW

secur32

InitSecurityInterfaceA

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

616d2522c90e36f79c4cc6c5d65fb18a

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

shlwapi

msvcrt

netapi32

iphlpapi

rasapi32

secur32

winhttp

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 207KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 207KB