f1fa80d9a3e8089af7c6b98fc473d42260d5143ef6d00f325168417469498f3f

Sharing

Copy URL Twitter E-mail

General

Target

f1fa80d9a3e8089af7c6b98fc473d42260d5143ef6d00f325168417469498f3f
Size

64KB
MD5

0b8e069220cad53830b8f10d3a45350a
SHA1

40a7ed95ed9b98f814ffff5497fd74a2e23e44e0
SHA256

f1fa80d9a3e8089af7c6b98fc473d42260d5143ef6d00f325168417469498f3f
SHA512

2a924811ccfcb6f1881232bb2262298b2e262d6c8f24e470d93d0e348b43c33b4d4c46b5d63d57b6256fa147ab16e1062cfbb34ff5eca04ca8a970c1b447a706
SSDEEP

768:zt5c9h8fWwwb8qKvRbvbUiLDV2vje8xTcz3XMEpm98J2LANk8pwvq+6Ypu:/CX8xJbTrNeeFb8hFcr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1fa80d9a3e8089af7c6b98fc473d42260d5143ef6d00f325168417469498f3f

Files

f1fa80d9a3e8089af7c6b98fc473d42260d5143ef6d00f325168417469498f3f
.exe windows:4 windows x86 arch:x86

c3dadfb8441dfd782982981f246d3c8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
DeleteFileW
CreateDirectoryW
GetFileAttributesW
FreeLibrary
SetEvent
InterlockedExchange
GetLocalTime
GetProcAddress
LoadLibraryW
GetLastError
CloseHandle
InterlockedIncrement
CreateIoCompletionPort
WaitForSingleObject
PostQueuedCompletionStatus
ReadFile
GetFileSize
CreateFileW
InterlockedDecrement
WriteFile
LocalFree
FormatMessageW
GetQueuedCompletionStatus
LeaveCriticalSection
IsDebuggerPresent
Sleep
GetComputerNameW
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileIntW
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetCommandLineW
GetModuleHandleW
CreateThread
MoveFileExW
ReleaseMutex
CompareFileTime
OpenEventW
OpenMutexW
OpenFileMappingW
GetSystemTimeAsFileTime
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
CreateEventW
UnmapViewOfFile
ResetEvent
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
WaitForMultipleObjects
GetTickCount
CreateProcessW
GetModuleFileNameW
GetStartupInfoW
GetStdHandle
SetConsoleTitleW
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleCtrlHandler

advapi32

CloseEventLog
ReportEventW
FreeSid
AllocateAndInitializeSid
OpenEventLogW

mfc42u

ord2810
ord5446
ord6390
ord5436
ord3658
ord5438
ord547
ord6006
ord3806
ord2606
ord353
ord6381
ord1971
ord665
ord823
ord861
ord942
ord825
ord540
ord6379
ord800
ord1568
ord815
ord561

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter
?terminate@@YAXXZ
_exit
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_wtoi
_ftol
_wsplitpath
wcsrchr
_wmakepath
wcscat
_putws
wcslen
wcsncpy
swprintf
_i64tow
wcscpy
_beginthreadex
wprintf
__CxxFrameHandler
setlocale
memmove
time

msvcp60

?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z

ws2_32

WSARecv
inet_ntoa
WSAGetLastError
WSASetLastError
send
WSASocketW
listen
socket
setsockopt
htons
htonl
bind
recvfrom
sendto
closesocket
WSAStartup
WSACleanup
WSASend

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3dadfb8441dfd782982981f246d3c8e

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42u

msvcrt

msvcp60

ws2_32

mswsock

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 552B

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 552B