ae6470be9df350e66e67d029f2e6a68f280d8cbb506412f9f9111e409e322ded

Sharing

Copy URL Twitter E-mail

General

Target

ae6470be9df350e66e67d029f2e6a68f280d8cbb506412f9f9111e409e322ded
Size

238KB
MD5

7d7e64324386e1fc9975ae872f9679a4
SHA1

6f1a1999bdf5be6df73062266e9630bd262e9b53
SHA256

ae6470be9df350e66e67d029f2e6a68f280d8cbb506412f9f9111e409e322ded
SHA512

bb71aac4f0bd12f084b20918109d8558b4974da6bedec08e4aeaa30ee934021e47dcb7ea5024d4e239fb6c3877dfda594756786b5cd51ec37c16aab08b950bfe
SSDEEP

6144:pPibSkkzE/nPWobaOuDKBmSXTJnSPAOk6Oda:pBkkzE/PjbnOG5SPmda

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae6470be9df350e66e67d029f2e6a68f280d8cbb506412f9f9111e409e322ded

Files

ae6470be9df350e66e67d029f2e6a68f280d8cbb506412f9f9111e409e322ded
.exe windows:5 windows x86 arch:x86

d53934a888be862e6d2672fb70a7c434

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\KServerAgent----d77809c7\KServerAgentWindows\build\Win32\Release\bin\KPrtPng.pdb

Imports

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
setsockopt
sendto
recvfrom
WSAGetLastError
gethostbyaddr
socket
shutdown
send
select
recv
inet_addr
ioctlsocket
htons
inet_ntoa
connect
closesocket
__WSAFDIsSet

kernel32

GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetFilePointerEx
HeapSize
ReadConsoleW
FlushFileBuffers
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
SetLastError
GetFileSize
WriteFile
ReadFile
CloseHandle
CreateFileA
CreateFileW
MultiByteToWideChar
WaitForSingleObject
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
Sleep
FindClose
DuplicateHandle
CreatePipe
PeekNamedPipe
CreateProcessA
DeleteFileA
GetVersionExA
GetLocalTime
SystemTimeToFileTime
GetCurrentProcessId
GetExitCodeThread
GetTickCount
GetEnvironmentVariableA
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetProcessHeap
SetEndOfFile
GetFileAttributesExW
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
GetACP
HeapFree
HeapAlloc
GetFileType
HeapReAlloc
DeleteFileW

user32

MessageBoxA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d53934a888be862e6d2672fb70a7c434

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

advapi32

Sections

.text Size: 158KB - Virtual size: 157KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 3KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 3KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 8KB - Virtual size: 8KB