2450c1f73977d0edb14c3c1282fde4273c5cef8f1c9fee4b84f7d5b9f8924871

Sharing

Copy URL Twitter E-mail

General

Target

2450c1f73977d0edb14c3c1282fde4273c5cef8f1c9fee4b84f7d5b9f8924871
Size

2.6MB
MD5

40bcb18c0727087449463bade815529d
SHA1

896bad300c9f7ab5fcfdd81a75e854923222a222
SHA256

2450c1f73977d0edb14c3c1282fde4273c5cef8f1c9fee4b84f7d5b9f8924871
SHA512

9db3cc87380ffcd886b225634b733090ada2665694539430f6a48083ec30973d71a713f9bb4f5e552ce3917155c67d1d6df87a631e91a224a38bf4b11181ded5
SSDEEP

49152:M6pvQ+dxtQCsuc013PfHJleof2mtQS+EMKF5M+3FNWdE4zSP/W59qjUrdpqO1DQ8:ZQseYT5M+yEfW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2450c1f73977d0edb14c3c1282fde4273c5cef8f1c9fee4b84f7d5b9f8924871

Files

2450c1f73977d0edb14c3c1282fde4273c5cef8f1c9fee4b84f7d5b9f8924871
.exe windows:6 windows x86 arch:x86

12e04a9a05d37cf01a6bebf2ebecadec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
closesocket
ioctlsocket
getsockopt
ntohs
select
getservbyport
getservbyname
WSASetLastError
connect
htons
inet_addr
inet_ntoa
listen
recv
send
gethostbyname
gethostbyaddr
setsockopt
sendto
recvfrom
htonl
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
accept

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantChangeTypeEx
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsExA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

advapi32

StartServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenServiceA
RegSetValueExA
RegFlushKey
RegDisableReflectionKey
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetStringTypeW
GetTimeZoneInformation
MoveFileExW
DeleteFileW
CreatePipe
SetEndOfFile
GetFileSizeEx
GetCurrentDirectoryW
GetFullPathNameW
HeapSize
IsValidCodePage
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
WriteConsoleW
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
DecodePointer
FormatMessageW
QueryPerformanceFrequency
SwitchToThread
ReleaseMutex
SetFilePointerEx
CreateMutexA
CloseHandle
WaitForSingleObject
Sleep
CreateThread
GetExitCodeThread
GetLastError
GetCurrentProcessId
GetTickCount
GetStdHandle
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
GetSystemFirmwareTable
LocalFree
FormatMessageA
GetCurrentThreadId
GetTempPathA
GetSystemDirectoryA
GetNativeSystemInfo
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
FreeLibrary
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryA
WriteFile
GetModuleHandleExW
VirtualFree
GetEnvironmentVariableW
GetACP
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
GetExitCodeProcess
GetCurrentThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
SetConsoleCtrlHandler
GetThreadTimes
GetModuleFileNameA
GetFileType
RtlUnwind
GetModuleFileNameW
LoadLibraryExW
EncodePointer
ExitProcess
ReadFile
DuplicateHandle
CreateProcessW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12e04a9a05d37cf01a6bebf2ebecadec

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ole32

oleaut32

setupapi

iphlpapi

advapi32

crypt32

kernel32

bcrypt

user32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 614KB - Virtual size: 613KB

.data Size: 11KB - Virtual size: 131KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 102KB - Virtual size: 102KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 614KB - Virtual size: 613KB

.data
Size: 11KB - Virtual size: 131KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 102KB - Virtual size: 102KB