ecdc9a72367e25f6b8729d979f6a5a4192b7828268572c4b39309a38ef929608

Sharing

Copy URL

Twitter E-mail

General

Target

ecdc9a72367e25f6b8729d979f6a5a4192b7828268572c4b39309a38ef929608
Size

360KB
MD5

c2263292e68c0e2c0ed1e68529d0463a
SHA1

a70018e5cb3c166bb943b67bede0e4cc632d7de3
SHA256

ecdc9a72367e25f6b8729d979f6a5a4192b7828268572c4b39309a38ef929608
SHA512

2c57c872fe183284ee922b30b19884a0b3201ed12cd30c85c0f409aea3b3c15da7b6c9bedcff2f00eefe064c697c26a6a87cac9061c993b24dcc9041fb594caf
SSDEEP

768:tNFwc7Pf+GX1uNopy4zQ4UWuLpwgPQJ63Uo6NLJREo0GP6uBv:tNFwolK6Q4UJ2gPQEUyo3Sgv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecdc9a72367e25f6b8729d979f6a5a4192b7828268572c4b39309a38ef929608

Files

ecdc9a72367e25f6b8729d979f6a5a4192b7828268572c4b39309a38ef929608
.exe windows:4 windows x86 arch:x86

650bae8e7419abb8b1f7a8ed197326e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetVersionExW
GetComputerNameW
Sleep
CreateFileW
WaitForSingleObject
CreateThread
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
WriteFile
CreatePipe
WideCharToMultiByte
ReadFile
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
GetCurrentThread
GetLastError
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetSystemInfo
TerminateProcess
MultiByteToWideChar
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
GetACP
FlushFileBuffers
GetCPInfo
SetFilePointer
IsBadWritePtr
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ExitProcess
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

wsprintfW

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
OpenThreadToken

shell32

ShellExecuteW
ShellExecuteA

ws2_32

WSACleanup
gethostbyname
gethostname
inet_ntoa
WSAStartup
inet_addr

wininet

HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetConnectA
InternetOpenW
InternetSetOptionW
InternetCloseHandle

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

650bae8e7419abb8b1f7a8ed197326e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

psapi

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 12KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 12KB

.shell
Size: 320KB - Virtual size: 320KB