2224cdae0ea18255a153c869847845b95f6a7a698ecd8da7d44a29b8caf9a975

Sharing

Copy URL Twitter E-mail

General

Target

2224cdae0ea18255a153c869847845b95f6a7a698ecd8da7d44a29b8caf9a975
Size

1.2MB
MD5

44b1cc0eaaf33e57f9bfff46e71fd47e
SHA1

988c00401a65bde5459485b00065b020a10191ed
SHA256

2224cdae0ea18255a153c869847845b95f6a7a698ecd8da7d44a29b8caf9a975
SHA512

a69718c689b71794a3ed47b38cb13ac1ad56999646489ad3fd70dc455923b289ebff3af1acd2b550fa0d2dde86d6c104bc6ed98997c953169b3fbfe0c7e17dde
SSDEEP

24576:81r/MWpUu0mR+KpPSLPyE+U3KfPgipYHAs1E0IzkQbDzRToRYpMa8/sKbba:8g+KLyE+JwSYf1af3RToRYpMa0dXa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2224cdae0ea18255a153c869847845b95f6a7a698ecd8da7d44a29b8caf9a975

Files

2224cdae0ea18255a153c869847845b95f6a7a698ecd8da7d44a29b8caf9a975
.exe windows:5 windows x86 arch:x86

9a982fb42dfda523dc97954869d6d2e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext

kernel32

LeaveCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedExchangeAdd
GetModuleHandleExW
DeleteFiber
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
ConvertFiberToThread
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
GetModuleFileNameA
CreatePipe
ReadFile
CreateProcessA
SetHandleInformation
GetTempPathA
CloseHandle
ReleaseMutex
CreateMutexA
GetLocalTime
WaitForSingleObject
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
EncodePointer
HeapSetInformation
Sleep
InterlockedExchange

advapi32

DeregisterEventSource
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptGenRandom
RegisterEventSourceW
ReportEventW
CryptCreateHash
CryptDecrypt
CryptEnumProvidersW

msvcp100

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1_Container_base12@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ

msvcr100

fclose
??2@YAPAXI@Z
memchr
isalnum
strncmp
free
vsprintf_s
sprintf_s
printf
memcpy
malloc
_purecall
strpbrk
modf
strchr
??_V@YAXPAX@Z
sprintf
sscanf
memset
strcmp
strerror_s
realloc
isdigit
fprintf
__iob_func
isspace
strrchr
getenv
strtoul
wcsstr
_vsnwprintf
_vsnprintf
_exit
raise
qsort
ferror
fread
fwrite
_setmode
_fileno
feof
fgets
_errno
_time64
isxdigit
_strnicmp
strcspn
strspn
_wfopen
fopen
strtol
strstr
strncpy
tolower
_gmtime64
atoi
_stricmp
signal
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
ftell
fopen_s
fflush
fputs
_vsnprintf_s
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
fseek

iphlpapi

GetAdaptersInfo

ws2_32

closesocket
recv
WSASetLastError
send
WSAGetLastError
WSACleanup

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a982fb42dfda523dc97954869d6d2e6

Headers

DLL Characteristics

File Characteristics

Imports

user32

crypt32

kernel32

advapi32

msvcp100

msvcr100

iphlpapi

ws2_32

Sections

.text Size: 936KB - Virtual size: 935KB

.rdata Size: 273KB - Virtual size: 272KB

.data Size: 19KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 936KB - Virtual size: 935KB

.rdata
Size: 273KB - Virtual size: 272KB

.data
Size: 19KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 45KB - Virtual size: 44KB