5158633cdcd58e7df4c5c33b714dcb4b6de86821f1d3af88e4006d3758cee633

Sharing

Copy URL

Twitter E-mail

General

Target

5158633cdcd58e7df4c5c33b714dcb4b6de86821f1d3af88e4006d3758cee633
Size

29KB
MD5

9ff6ea1fbab50181b80bffb98bd33109
SHA1

10db2370b47d545dfb29839ac2d0edd5d168f95a
SHA256

5158633cdcd58e7df4c5c33b714dcb4b6de86821f1d3af88e4006d3758cee633
SHA512

a08d01702d60c3ddac8c4fadcc5cd86032ac39e325b45b8fd925fa0154f98c158729d6de5bfe8055ce6865ee693d5555d91728cfbc9a25574f898f67e5e28d41
SSDEEP

384:sxMPFR48nxC4vA3ZccmolW2s38KU9NvjuHHNptkihHTGmvw6Klkviz7/5CvYJnC7:z/4EPywkNvSHHNkh96CZV9ZsAoPsKX5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/640db2b24b1ff39f4c6c8eb1d177c7d9882d55839744901e55891a496bab7304

Files

5158633cdcd58e7df4c5c33b714dcb4b6de86821f1d3af88e4006d3758cee633
.zip

Password: infected
640db2b24b1ff39f4c6c8eb1d177c7d9882d55839744901e55891a496bab7304
.exe windows:4 windows x86 arch:x86

e0f61286c6396ccf28fed994d6a49819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetTickCount
FreeConsole
TlsAlloc
TlsAlloc

user32

CheckDlgButton
DestroyMenu
GetAncestor
SetParent
GetCursorInfo
GetPropA
SetUserObjectInformationW
GetDC
AppendMenuW
SetWindowLongW
AppendMenuA
ChangeDisplaySettingsA
UnionRect
DrawTextExA
GetUpdateRect
CreateDialogIndirectParamW
GetWindowLongW
ExcludeUpdateRgn
CallMsgFilterA
GetDlgItem
CascadeWindows
GetSubMenu
GetClassWord
GetUserObjectSecurity
GetParent
DlgDirListW
PeekMessageA
SetWindowTextW
CreateMDIWindowA
RemoveMenu
LoadKeyboardLayoutW
GetLastActivePopup
AttachThreadInput
LoadKeyboardLayoutA
EnumDisplaySettingsExW

ws2_32

accept
WSAWaitForMultipleEvents
WSACancelBlockingCall
inet_ntoa
WSAInstallServiceClassA
setsockopt
WSAEnumProtocolsW
WSAHtons
WSASendTo
WSAEnumProtocolsA
WSAEnumNameSpaceProvidersW
WSAEnumNameSpaceProvidersA
WSARecvDisconnect
getprotobyname
getprotobynumber
getservbyname
WSAGetServiceClassNameByClassIdA
gethostbyaddr
gethostbyname
WSAGetQOSByName
gethostname
WSAGetServiceClassInfoA
WSASocketW
WSAUnhookBlockingHook
getpeername
WSAHtonl
WSAEventSelect
WSAGetLastError
WSASetServiceW

rtm

RtmUpdateAndUnlockRoute
RtmRegisterForChangeNotification
RtmCreateDestEnum
RtmGetNextHopInfo
RtmLockRoute
RtmCreateRouteList
RtmReleaseChangedDests
RtmGetChangedDests
RtmGetExactMatchDestination
RtmReleaseEntities
RtmGetEntityInfo
RtmReleaseNextHopInfo
RtmReleaseRoutes
RtmGetRouteInfo
RtmIgnoreChangedDests
RtmReleaseRouteInfo
RtmGetRoutePointer
RtmCreateNextHopEnum
RtmLockDestination
RtmGetEnumRoutes
RtmGetEntityMethods
RtmFindNextHop
RtmInvokeMethod
RtmDeleteEnumHandle
RtmIsBestRoute

secur32

EnumerateSecurityPackagesW
AcquireCredentialsHandleW
FreeCredentialsHandle
EnumerateSecurityPackagesA
RevertSecurityContext
ApplyControlToken
ImpersonateSecurityContext

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e0f61286c6396ccf28fed994d6a49819

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

rtm

secur32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 1KB

.ndata Size: 2KB - Virtual size: 2KB

.adata Size: 512B - Virtual size: 429B

.rsrc Size: 9KB - Virtual size: 12KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

.ndata
Size: 2KB - Virtual size: 2KB

.adata
Size: 512B - Virtual size: 429B

.rsrc
Size: 9KB - Virtual size: 12KB