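PDB path embedded in the sample (build-environment metadata; it can be altered by whoever built the file, so use it as a hunting pivot rather than as attribution):
C:\Users\ASUS\source\repos\n2npp\src\win32\DotNet\Release\edge.pdb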
Static task
static1
Behavioral task
behavioral1
Sample
e70844f5b1270e68ea23df3f7cd2058bd677aac880ca13d530955481efcc0768.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e70844f5b1270e68ea23df3f7cd2058bd677aac880ca13d530955481efcc0768.exe
Resource
win10v2004-20240802-en
General
-
Target
e70844f5b1270e68ea23df3f7cd2058bd677aac880ca13d530955481efcc0768
-
Size
341KB
-
MD5
5fed90770f95fdc3edee5c1f498985f0
-
SHA1
fc3e00bed1fe879a30c191bccbb76890cab53f46
-
SHA256
e70844f5b1270e68ea23df3f7cd2058bd677aac880ca13d530955481efcc0768
-
SHA512
e901934956d4fc34874aac2927da54310b2feddfc5d7e81465f5288c6d1fbcf0b05f179375487408fead72eabe86decfd9635e1c9d786f2e3be2f5989ace63a3
-
SSDEEP
6144:inWmCIaahHNnx0oWLEGJJ810rDFjWaeyi+gJOVGAZe4WH5L/eqb/PxsYq9:rdIaahtx0946o+DF7eyaIGAUh3aY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
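Checks for a missing Authenticode signature; this sample has none. On its own this is a weak indicator, since many legitimate builds are also unsigned, so weigh it together with the behavioral task results.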
resource e70844f5b1270e68ea23df3f7cd2058bd677aac880ca13d530955481efcc0768
Files
-
e70844f5b1270e68ea23df3f7cd2058bd677aac880ca13d530955481efcc0768.exe windows:6 windows x86 arch:x86
81f8747534663f0c4e4dcf60170e92ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
ntohl
WSACleanup
WSAStartup
bind
shutdown
getaddrinfo
htons
freeaddrinfo
getnameinfo
closesocket
getsockname
socket
ntohs
connect
gethostname
ioctlsocket
setsockopt
WSAGetLastError
inet_ntoa
recvfrom
htonl
sendto
__WSAFDIsSet
select
inet_addr
advapi32
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
CryptGenRandom
kernel32
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
HeapReAlloc
SetStdHandle
GetStringTypeW
GetProcessHeap
CreateFileW
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapSize
SetConsoleCtrlHandler
Sleep
WaitForSingleObject
GetLocalTime
FormatMessageA
CreateThread
ReadFile
WriteFile
DeviceIoControl
GetLastError
CreateFileA
CloseHandle
ResetEvent
GetOverlappedResult
CreateEventA
WideCharToMultiByte
SetEndOfFile
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
DecodePointer
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetStdHandle
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
MultiByteToWideChar
iphlpapi
GetAdaptersInfo
GetBestInterface
Sections
.text Size: 267KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ