ce27d835b1c247811ddadd165f913620N

Sharing

Copy URL Twitter E-mail

General

Target

ce27d835b1c247811ddadd165f913620N
Size

269KB
MD5

ce27d835b1c247811ddadd165f913620
SHA1

e9246e3229db094e785653db1f6cff1dea81e8e0
SHA256

2a56d690a7250770a54146155e06a6cbf235b7a65728a061f18a314b6212a2e2
SHA512

3d37d7942f3b8f1ae26c88e4b3a6d06e4d37fa8d78f661eba166e0ce089ed035f0acfe29400746484499f75fea7399aaca85a2e9fcd6da7f1fa35be29905d11a
SSDEEP

3072:N20bWZkgIVVQrJhGdafsr5JJj4yPMrTtqc0bLE1w8WqhtWIvZP1v63Zf2Yg932WJ:N+RrJiafsrHxEkREuan9vB1+g93XlD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce27d835b1c247811ddadd165f913620N

Files

ce27d835b1c247811ddadd165f913620N
.exe windows:5 windows x86 arch:x86

54837e8a7f5b487701911ce76dc34095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CreateServiceA
OpenSCManagerA
QueryServiceStatus
StartServiceA
OpenServiceA
ControlService
SetServiceStatus
RegQueryValueExA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
DeleteService

kernel32

HeapFree
GetProcessHeap
GetCurrentThreadId
GetSystemTime
HeapAlloc
FormatMessageA
CloseHandle
InterlockedExchange
SetEvent
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
CreateEventA
TerminateThread
CreateThread
ResetEvent
SetWaitableTimer
CancelWaitableTimer
CreateSemaphoreA
CreateWaitableTimerA
GetLastError
DuplicateHandle
GetCurrentProcess
ReleaseSemaphore
WaitForMultipleObjects
GetThreadPriority
SetThreadPriority
GetCurrentThread
OutputDebugStringA
WriteFile
GetStdHandle
FreeLibrary
GetCurrentProcessId
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
TerminateProcess
ExitProcess
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObjectEx
DeviceIoControl
FindVolumeClose
FindNextVolumeA
FindFirstVolumeA
GetSystemInfo
SetUnhandledExceptionFilter
CreateMutexA
SetConsoleCtrlHandler
SetStdHandle
CreateDirectoryA
SetCurrentDirectoryA
GetLocalTime
CreateProcessA
DebugBreak
GetTickCount
GetCommandLineA
GetVersionExA
GetModuleHandleA
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
ReadFile
SetFilePointer
VirtualQuery
HeapSize
VirtualProtect
VirtualAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetEndOfFile

ws2_32

ntohs
accept
listen
bind
htons
WSAGetLastError
socket
ntohl
htonl
inet_ntoa
WSASend
setsockopt
gethostbyname
inet_addr
WSACleanup
WSAStartup
sendto
recvfrom
shutdown
recv
send
WSARecv
closesocket

user32

wsprintfA
BroadcastSystemMessageA

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

54837e8a7f5b487701911ce76dc34095

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

user32

Sections

.text Size: 205KB - Virtual size: 205KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 205KB - Virtual size: 205KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.rmnet
Size: 56KB - Virtual size: 60KB