Static task
static1
Behavioral task
behavioral1
Sample
16f042fb62c230a8169e7191a6cfe950e8b720809600a86c58e2746363d108f0.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
16f042fb62c230a8169e7191a6cfe950e8b720809600a86c58e2746363d108f0.exe
Resource
win10v2004-20240802-en
General
-
Target
16f042fb62c230a8169e7191a6cfe950e8b720809600a86c58e2746363d108f0
-
Size
23KB
-
MD5
5c22634ed36d71e5bef94af933577555
-
SHA1
85ea3ffa21af17102f51418480fedb6acedec546
-
SHA256
16f042fb62c230a8169e7191a6cfe950e8b720809600a86c58e2746363d108f0
-
SHA512
407437f1a9f7f03e2dca598c9ad979646c30ac3633d85440ff81c7fd1877740562242f5d7f8c23941915463a3115e569e9202a698893c26814b9c89a4b2b9366
-
SSDEEP
384:vDhdNHCmHYaefy0wKTWj0qBJYAN/rMWexP0W5o6QwLWW29T8HFKaRv4Igr:1d1Cm4zfyJbN/ryjowfHF/Rvy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
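The PE file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are unsigned; weigh it together with the other static details in this report, for example the .rsrc section being flagged as both writable and executable.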
resource 16f042fb62c230a8169e7191a6cfe950e8b720809600a86c58e2746363d108f0
Files
-
16f042fb62c230a8169e7191a6cfe950e8b720809600a86c58e2746363d108f0.exe windows:5 windows x86 arch:x86
91ab04828ab0067b72c4070644e3371e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
GetProcessHeap
DeviceIoControl
CreateFileW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetVersion
CloseHandle
SetThreadUILanguage
FormatMessageA
GetTickCount
LocalFree
msvcrt
__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode
_c_exit
realloc
free
_ultoa
atoi
strncpy
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
malloc
_XcptFilter
_exit
printf
_strupr
_iob
strchr
_stricmp
strtol
toupper
exit
sprintf
_setmode
fprintf
_cexit
advapi32
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
RegEnumValueA
iphlpapi
GetBestRoute
GetAdaptersAddresses
AllocateAndGetIpForwardTableFromStack
DeleteIpForwardEntry
AllocateAndGetIpAddrTableFromStack
CreateIpForwardEntry
GetIpAddrTable
AllocateAndGetIfTableFromStack
user32
CharToOemBuffA
ws2_32
WSAStartup
inet_addr
inet_ntoa
WSAAddressToStringA
htonl
gethostbyname
mswsock
getnetbyname
inet_network
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE