81c818f1762fa9106eb647995fbc303baa51050a1f09fb8361dcef978c0ca73b

Sharing

Copy URL Twitter E-mail

General

Target

81c818f1762fa9106eb647995fbc303baa51050a1f09fb8361dcef978c0ca73b
Size

360KB
MD5

6699be60ea438092a0cd2552e7d3867e
SHA1

ba5e3b607d4e5740e6604cc2c8959713c97b1798
SHA256

81c818f1762fa9106eb647995fbc303baa51050a1f09fb8361dcef978c0ca73b
SHA512

dd2fc35202b250a17a8ff1f9e00a90bab72d1ba83756a93b35b11e94c93bb82d63aeff87785ae8a5c30728a2fbdfe4a2f7a18534e90c0c44337b1a8f1db20c8f
SSDEEP

768:+NFwPbSG+287ONfGx/TLO+DhvsoofAB5B8xm/Z3/Mhpo3MpBD:+NFwPbd+2+NJhveYB5yxqWo3ABD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81c818f1762fa9106eb647995fbc303baa51050a1f09fb8361dcef978c0ca73b

Files

81c818f1762fa9106eb647995fbc303baa51050a1f09fb8361dcef978c0ca73b
.exe windows:4 windows x86 arch:x86

6e726222eb65bb10104af96bcb92c7c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
GetVersionExW
Sleep
WaitForSingleObject
CreateThread
CreateEventW
WinExec
InitializeCriticalSection
SetEvent
GetComputerNameW
GetTickCount
GetOEMCP
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetDriveTypeW
FindClose
FindNextFileW
FileTimeToSystemTime
GetSystemInfo
FindFirstFileW
TerminateProcess
WriteFile
SetFilePointer
CreateFileW
GetFileSizeEx
DeleteFileW
ReadFile
CreatePipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
LCMapStringA
SetEndOfFile
GetCurrentThread
GetLastError
GetCurrentProcess
FileTimeToLocalFileTime
MultiByteToWideChar
LoadLibraryA
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
UnhandledExceptionFilter
FreeEnvironmentStringsA
LCMapStringW

user32

GetSystemMetrics

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
OpenThreadToken

shell32

ShellExecuteW
ShellExecuteA

ws2_32

inet_ntoa
inet_addr
gethostbyname
recv
closesocket
WSACleanup
WSAStartup
htons
socket
select
send
gethostname
connect

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e726222eb65bb10104af96bcb92c7c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

psapi

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 8KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 8KB

.shell
Size: 320KB - Virtual size: 320KB