92ef13aa4cec44ed8f999218680beb9a1420f1715371593d823a612cdea646ae

Sharing

Copy URL Twitter E-mail

General

Target

92ef13aa4cec44ed8f999218680beb9a1420f1715371593d823a612cdea646ae
Size

108KB
MD5

b1fd318757cc846ee93e2e5a93ec2b28
SHA1

aefcd7ad2edec41094331cc3b333b60fd856ee2b
SHA256

92ef13aa4cec44ed8f999218680beb9a1420f1715371593d823a612cdea646ae
SHA512

519b9cf5e846724fc877297f0aeaf4ed4a35cf83321636e479d24f9a90a24fe84690a4a8be24159bfc1b64e613582ab33fbde58136048545fd96b6392beeee43
SSDEEP

3072:PhiCByLg5R+MHZgLflSx5D8Tny9wNGCH:rEg5cuZ6lSxh8yS4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92ef13aa4cec44ed8f999218680beb9a1420f1715371593d823a612cdea646ae

Files

92ef13aa4cec44ed8f999218680beb9a1420f1715371593d823a612cdea646ae
.exe windows:4 windows x86 arch:x86

0dd665ca8567149766a5a918969d925c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
CreateFileA
MoveFileA
DeleteFileA
GetFileSize
WriteFile
SetFileAttributesA
Sleep
FindClose
FindNextFileA
FindFirstFileA
TerminateThread
GlobalGetAtomNameA
SetFilePointer
FileTimeToSystemTime
GetLastError
GetACP
lstrlenA
lstrcpyA
GetProcAddress
GetModuleHandleA
TerminateProcess
OpenProcess
ReadProcessMemory
GetStartupInfoA
GetComputerNameA
SetLastError
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetVersionExA

user32

EndDialog
GetDlgItem
DialogBoxParamA
GetDesktopWindow
CharNextA
SendDlgItemMessageA
MessageBoxA
SendMessageA
SetDlgItemTextA

wsock32

WSACleanup
setsockopt
socket
WSAStartup
ntohl
WSAGetLastError
bind
ioctlsocket
gethostbyname
htons
connect
htonl
closesocket
send
inet_addr
recv

comctl32

ord17

msvcrt

strrchr
realloc
_pctype
_write
_utime
_lseek
_read
_close
_unlink
_isatty
_fstat
_fileno
_setmode
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
_mkdir
strchr
__p__commode
_adjust_fdiv
_open
_stat
_execv
remove
fprintf
_iob
strncmp
getenv
atoi
strncpy
perror
_errno
_strlwr
ctime
printf
strcspn
_beginthreadex
_initterm
_isctype
__mb_cur_max
fgets
fflush
free
malloc
vsprintf
time
srand
_ftol
_chmod
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
bsearch
_stricmp
__setusermatherr
strlen
strstr
_strnicmp
rand
_acmdln
__getmainargs
calloc
strspn
putc
strpbrk
strcpy
strcat
memset
_except_handler3
memcpy
_exit
_XcptFilter
exit

wininet

HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetErrorDlg
InternetCrackUrlA
InternetOpenA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
HttpAddRequestHeadersA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��~�u
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0dd665ca8567149766a5a918969d925c

Headers

File Characteristics

Imports

kernel32

user32

wsock32

comctl32

msvcrt

wininet

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 460KB

.rsrc Size: 8KB - Virtual size: 4KB

���~�u Size: 20KB - Virtual size: 20KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 460KB

.rsrc
Size: 8KB - Virtual size: 4KB

��~�u
Size: 20KB - Virtual size: 20KB