94c33f57c065d6b601d6304d50fa2b8d6010091678304828441705454fa0c36d

Sharing

Copy URL Twitter E-mail

General

Target

94c33f57c065d6b601d6304d50fa2b8d6010091678304828441705454fa0c36d
Size

492KB
MD5

c3e1c4bb1e513bb113a56ad07dad0cbd
SHA1

a1e5fb65fcf31a7a5dd71fa502fbc2604e69378e
SHA256

94c33f57c065d6b601d6304d50fa2b8d6010091678304828441705454fa0c36d
SHA512

8f1d2a827710f9209f9bc1f33adc976a25ab21a6df8462e1700131c75ba5b4bccdb5eadaeb6bb376297ce70822008e791e71e38d6a65ce91866f92d159189a8b
SSDEEP

3072:4vt8wAm2tUVZZ97HItPA6qLg6O5c3+CrIYqnvcDZT33TaDf:M+wetUVZZ97HAqLg688rIYqmZCD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94c33f57c065d6b601d6304d50fa2b8d6010091678304828441705454fa0c36d

Files

94c33f57c065d6b601d6304d50fa2b8d6010091678304828441705454fa0c36d
.exe windows:4 windows x86 arch:x86

466a7148382ec6121eb97cb51d84330c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CreateEventA
WaitForSingleObject
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentDirectoryA
FindClose
GetComputerNameA
FindFirstFileA
GetSystemDirectoryA
CreateThread
CloseHandle
VirtualAlloc
Sleep
VirtualFree
lstrcmpA
EnterCriticalSection
LoadLibraryA
LeaveCriticalSection
GetProcAddress
FreeLibrary
DeleteCriticalSection
WriteFile
ReadFile
GetFileSize
SetEndOfFile
SetFilePointer
LoadLibraryW
GetSystemInfo
GetCurrentProcess
HeapReAlloc
GetProcessHeap
GlobalReAlloc
InitializeCriticalSection
GetVersionExA
GlobalHandle
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
HeapFree
HeapAlloc
GetQueuedCompletionStatus
ResetEvent
DeviceIoControl
CreateIoCompletionPort
WaitForMultipleObjects
ReleaseSemaphore
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
CompareStringW
DeleteFileA
GetSystemDirectoryW
CreateFileW
CreateFileA
WideCharToMultiByte
GetLastError
PulseEvent
MultiByteToWideChar

user32

GetDesktopWindow
ReleaseDC
GetSystemMetrics
GetDC
GetMessageA
wsprintfA

gdi32

CreateCompatibleDC
CreateDIBSection
DeleteObject
DeleteDC
BitBlt
SelectObject

advapi32

RegQueryValueA
UnlockServiceDatabase
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
OpenSCManagerW
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
LockServiceDatabase
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
OpenServiceW
CreateServiceW
StartServiceW
ChangeServiceConfigW
QueryServiceStatus

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString

ws2_32

htons
ntohs
inet_ntoa
inet_addr

winmm

mixerOpen
mixerSetControlDetails
mixerGetControlDetailsA
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
mixerGetLineControlsA
mixerGetLineInfoA
waveInGetNumDevs
waveInGetDevCapsA
waveInOpen
waveInClose
mixerClose
waveInPrepareHeader

cfgmgr32

CM_Enumerate_Classes

setupapi

SetupDiClassGuidsFromNameA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassImageList
SetupDiGetClassImageIndex
SetupDiGetClassDevsA
SetupDiOpenClassRegKeyExA
SetupDiDestroyDeviceInfoList
SetupDiClassNameFromGuidA

msvcp60

?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@ios_base@std@@QAEXH_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

_XcptFilter
__p___initenv
_exit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
realloc
exit
strtol
strtoul
_vsnwprintf
_vsnprintf
_except_handler3
strncpy
remove
_mbsicmp
fread
fwrite
fopen
_purecall
memmove
fclose
_itoa
_snprintf
__CxxFrameHandler
??2@YAPAXI@Z
malloc
free
_CxxThrowException
__getmainargs

msvcirt

?cout@@3Vostream_withassign@@A
?get@istream@@QAEAAV1@AAD@Z
?write@ostream@@QAEAAV1@PBDH@Z
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@PBD@Z
?cerr@@3Vostream_withassign@@A
?cin@@3Vistream_withassign@@A

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

466a7148382ec6121eb97cb51d84330c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

winmm

cfgmgr32

setupapi

msvcp60

msvcrt

msvcirt

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 92KB - Virtual size: 91KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 92KB - Virtual size: 91KB

.shell
Size: 320KB - Virtual size: 320KB