a0a29c125ced892d75a067f9f7c9cf70N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a0a29c125ced892d75a067f9f7c9cf70N.exe
Size

144KB
MD5

a0a29c125ced892d75a067f9f7c9cf70
SHA1

80cf3f91432bd64f18bb5f2d1ea9164d61208123
SHA256

8fad29ef845538cbb7b9ac79f9442ec4475ec856eeef6acc360987588ec11bab
SHA512

c97ab1fd4e2a3b05c76041550e58a7b3e68fe728c4c49276e5c5433346e8f0da64e81b42da562bc866161b8fcf0bdd2640e6795b51a987296832841ce4523ba4
SSDEEP

3072:paHepoBSYHXtdhvKJeXU+eUH/iwh0n8npnNNgnaHQniXcYDwNBFu:pa+oBNewBHqwh0nwpNNgnmCiPD5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0a29c125ced892d75a067f9f7c9cf70N.exe

Files

a0a29c125ced892d75a067f9f7c9cf70N.exe
.dll windows:4 windows x86 arch:x86

f157258ee9b56e2b1f718ef811120d87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dll\ssnetlib.pdb

Imports

kernel32

SetEvent
WaitForSingleObject
Sleep
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
InterlockedDecrement
TerminateThread
InterlockedIncrement
SetLastError
ExitThread
WaitForSingleObjectEx
CreateThread
IsDBCSLeadByte
InitializeCriticalSection
ResetEvent
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
GetComputerNameA
LoadLibraryA
CreateSemaphoreA
CreateEventA
GetLastError
GetVersionExA
GetEnvironmentVariableA
CreateIoCompletionPort
GetModuleHandleA
GetProcAddress
CloseHandle
GetQueuedCompletionStatus
FreeLibrary
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
ExitProcess

advapi32

RevertToSelf
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
RegNotifyChangeKeyValue
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeregisterEventSource
RegisterEventSourceA
ReportEventA
GetUserNameA

wsock32

connect
sendto
recvfrom
htonl
htons
send
select
accept
inet_ntoa
WSAGetLastError
gethostbyname
socket
closesocket
setsockopt
bind
getsockname
ntohs
listen
inet_addr
ioctlsocket
WSAStartup
WSACleanup
recv

ws2_32

WSAGetOverlappedResult
WSASend
WSARecv
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAIoctl
WSACreateEvent
WSAEventSelect
WSAEnumProtocolsA

msvcr71

_stricmp
_onexit
__dllonexit
__CppXcptFilter
_adjust_fdiv
_initterm
_except_handler3
__security_error_handler
_strupr
_wcsicmp
wcscmp
_strlwr
toupper
_itoa
strcspn
strstr
strchr
strtok
strncpy
strlen
memmove
_snprintf
memcmp
_assert
memcpy
printf
strcmp
atoi
swprintf
_itow
sprintf
wcscat
free
malloc
strcat
calloc
memset
strcpy

Exports

Exports

ConnectionAccept
ConnectionClose
ConnectionImpersonate
ConnectionInitialize
ConnectionListen
ConnectionPeek
ConnectionPreLogin
ConnectionRead
ConnectionReadAsync
ConnectionReadAsyncWait
ConnectionRevert
ConnectionSecureClient
ConnectionTermSec
ConnectionVer
ConnectionWrite
ConnectionWriteAsync
ConnectionWriteStatus
ViaReadAsyncWait

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f157258ee9b56e2b1f718ef811120d87

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

wsock32

ws2_32

msvcr71

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.rmnet
Size: 60KB - Virtual size: 60KB