PDB path: C:\Studio\worm\Release\worm.pdb
Static task
static1
Behavioral task
behavioral1
Sample
33eab22e07c4bf55c4091626f702d916d764418fa9f06d8c904dd60ca0f708e6.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
33eab22e07c4bf55c4091626f702d916d764418fa9f06d8c904dd60ca0f708e6.exe
Resource
win10v2004-20240802-en
General
-
Target
33eab22e07c4bf55c4091626f702d916d764418fa9f06d8c904dd60ca0f708e6
-
Size
440KB
-
MD5
1727e32b50921cfea0158256e6d6c052
-
SHA1
a8970c869d92653ff0f309ac7e0a151bace4da0e
-
SHA256
33eab22e07c4bf55c4091626f702d916d764418fa9f06d8c904dd60ca0f708e6
-
SHA512
4cb0b4877b0384c73e27ead5b4a62bd2c6c5a2bf53db79312f8fae02e3cbeeb78334ee30bb93204ef8e28ff3ff3629ac03d9c79df383defceb1ed0a0a7e761b0
-
SSDEEP
6144:xNy6C9R3fWrkilAbehLQq2UM7Je4kv0HO883Si5/0K:WfWVhLR2UM7A4S0S3S0/0
Malware Config
Signatures
-
Unsigned PE 1 IoCs
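Checks for a missing Authenticode signature; the resource listed below is an unsigned PE, so its publisher and integrity cannot be confirmed from a signature.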
resource 33eab22e07c4bf55c4091626f702d916d764418fa9f06d8c904dd60ca0f708e6
Files
-
33eab22e07c4bf55c4091626f702d916d764418fa9f06d8c904dd60ca0f708e6.exe windows:5 windows x86 arch:x86
76506ee3413225d254fb2c46479e269b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetDriveTypeA
GetVolumeInformationA
Sleep
GetEnvironmentVariableA
CreateDirectoryA
SetCurrentDirectoryA
GetLogicalDriveStringsA
GetLastError
SetFileAttributesA
GetCurrentDirectoryA
SetErrorMode
CreateThread
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
TerminateProcess
ReadFile
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleFileNameA
ExitProcess
LoadLibraryA
CloseHandle
VirtualProtect
WriteFile
SetFilePointer
WinExec
CreateFileA
SetEndOfFile
CreateFileW
GetStringTypeW
FlushFileBuffers
LCMapStringW
SetStdHandle
HeapAlloc
HeapQueryInformation
HeapSize
HeapReAlloc
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapValidate
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
ReadConsoleW
SetLastError
GetCurrentThreadId
GetStdHandle
DeleteCriticalSection
SetFilePointerEx
GetFileType
GetStartupInfoW
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetConsoleCP
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
FreeLibrary
HeapFree
VirtualQuery
user32
EnumWindows
GetClassNameA
advapi32
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
SetSecurityDescriptorDacl
shell32
ShellExecuteA
SHFileOperationA
ws2_32
recv
socket
closesocket
gethostbyname
send
connect
WSACleanup
htons
inet_addr
WSAStartup
__WSAFDIsSet
select
ioctlsocket
getpeername
recvfrom
sendto
WSAGetLastError
getaddrinfo
freeaddrinfo
inet_ntoa
winmm
timeGetTime
Sections
.text Size: 354KB - Virtual size: 353KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ