ee1898eb0e612e4116217f88b0ed242898819add02ced369897571a7241c8fa9N

Sharing

Copy URL Twitter E-mail

General

Target

ee1898eb0e612e4116217f88b0ed242898819add02ced369897571a7241c8fa9N
Size

145KB
MD5

0ef31cf1ea5542203a26aef336c7d780
SHA1

9350d95526296a5f85fc74c2d9bc9aa3e12448f1
SHA256

ee1898eb0e612e4116217f88b0ed242898819add02ced369897571a7241c8fa9
SHA512

5f60ec3e03626c3778067a1506ff7b40e10167f73d41158fdc07f735930718ba5f9f3d84c827ecbb5017fbca49efafd7e42f7f070443d48c3677fabfffa09832
SSDEEP

3072:ttywyWGWc9xmd/Y89RMJEMqldp1mNmtbHmSIaEQIKZqt4pw:2hWc9Qdl9ktsdp1ptbf0Kkt4pw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee1898eb0e612e4116217f88b0ed242898819add02ced369897571a7241c8fa9N

Files

ee1898eb0e612e4116217f88b0ed242898819add02ced369897571a7241c8fa9N
.exe windows:4 windows x86 arch:x86

a4b22273f2dd915f47b33603b4d8bd52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetProcAddress
lstrcmpA
DeleteFileA
MoveFileA
GetFileAttributesA
lstrcmpiA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryA
EnterCriticalSection
ResumeThread
SetFileAttributesA
GetFileInformationByHandle
WaitForMultipleObjects
PeekNamedPipe
CreateProcessA
CreatePipe
GetSystemTime
CopyFileA
LeaveCriticalSection
CreateMutexA
ReleaseMutex
DuplicateHandle
GetTickCount
LocalFree
LocalAlloc
VirtualAlloc
TerminateProcess
OpenProcess
GetCurrentProcessId
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
VirtualFree
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
VirtualProtect
MapViewOfFile
SearchPathA
GetCurrentThread
GetSystemDirectoryA
GetCommandLineA
ReadFile
GetComputerNameA
GetSystemInfo
lstrcatA
GetVersionExA
GlobalMemoryStatus
GetDriveTypeA
GetDiskFreeSpaceA
lstrlenA
lstrcpyA
Sleep
GetCurrentProcess
SetPriorityClass
CreateThread
SetThreadPriority
CreateFileA
CloseHandle
GetFileSize
WriteFile
MultiByteToWideChar
lstrcpynA
WaitForSingleObject
SetFilePointer
WideCharToMultiByte
GetModuleHandleA
WriteProcessMemory
CompareStringA
GetFullPathNameA
GetModuleFileNameA

user32

PostThreadMessageA
CreateWindowExA
RegisterClassA
DefWindowProcA
DestroyWindow
SendMessageA
CharUpperA
GetDesktopWindow
MessageBoxA
IsWindow
SetWindowsHookExA
SetKeyboardState
DispatchMessageA
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetWindowTextA
GetKeyNameTextA
GetKeyboardState
ToAscii
PeekMessageA
GetMessageA
CharToOemA
ExitWindowsEx
wsprintfA

gdi32

GetDIBColorTable
SelectObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateDCA
BitBlt
DeleteObject

advapi32

RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
GetUserNameA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegConnectRegistryA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyA
RegCreateKeyA

shell32

SHFileOperationA

wsock32

accept
bind
htons
socket
send
connect
ioctlsocket
recv
__WSAFDIsSet
select
inet_ntoa
listen
WSAStartup
ntohs
gethostname
getsockname
recvfrom
sendto
closesocket
gethostbyaddr
gethostbyname
setsockopt
WSACleanup

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

winmm

PlaySoundA

Sections

.text
Size: 37KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.plugins
Size: 83KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WWP32
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4b22273f2dd915f47b33603b4d8bd52

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

avicap32

winmm

Sections

.text Size: 37KB - Virtual size: 72KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 31KB

.plugins Size: 83KB - Virtual size: 232KB

.WWP32 Size: 1024B - Virtual size: 729B

.text
Size: 37KB - Virtual size: 72KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 31KB

.plugins
Size: 83KB - Virtual size: 232KB

.WWP32
Size: 1024B - Virtual size: 729B