0be6de3d21ee77dfa89ad73a151a3f1a63fc660323e9912cf927c7d592e830a0

Sharing

Copy URL

Twitter E-mail

General

Target

0be6de3d21ee77dfa89ad73a151a3f1a63fc660323e9912cf927c7d592e830a0
Size

276KB
MD5

bf3d28da1acf3a306859106dd7206ffc
SHA1

fa37054adfc95148b9df9a7c7e80ffddfe929401
SHA256

0be6de3d21ee77dfa89ad73a151a3f1a63fc660323e9912cf927c7d592e830a0
SHA512

043c91ba2a0e1fbdaa8d5863197a5ae65381682e86aa379ae027bc7860432aed0e3253a1e35b3903ea44f97cd667251785d0f6f490c92fa20ffe6fc90fb9f3d4
SSDEEP

6144:MHBYl0SbI/CDnxvesHlKf37atJGrvThe+KYJfY+iQyl2vcnm0osXl08+:MHBYlIuYvTh2UY+i6cnS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be6de3d21ee77dfa89ad73a151a3f1a63fc660323e9912cf927c7d592e830a0

Files

0be6de3d21ee77dfa89ad73a151a3f1a63fc660323e9912cf927c7d592e830a0
.exe windows:4 windows x86 arch:x86

edb59ef8833d57ad35422a4060c91904

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZOpenFileA
LZSeek
LZRead
LZClose

kernel32

DeleteFileA
RemoveDirectoryA
lstrcatA
CreateDirectoryA
GetFileSize
CreateFileA
GetModuleFileNameA
SetFileAttributesA
GetTempFileNameA
GetTempPathA
GetShortPathNameA
ReadFile
WriteFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
GetVersionExA
CreateProcessA
CreateEventA
SetEvent
OpenEventA
WaitForSingleObject
ResetEvent
GetProcAddress
LoadLibraryA
FreeLibrary
GetCurrentThread
HeapFree
HeapAlloc
GetCurrentProcess
MoveFileExA
SetFilePointer
ResumeThread
SetThreadPriority
GetDiskFreeSpaceA
CreateMutexA
OpenMutexA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
GetSystemDirectoryA
SearchPathA
GetLocalTime
IsBadReadPtr
CreateThread
TerminateThread
GetStringTypeExA
SetEnvironmentVariableA
ExpandEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapSize
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
ExitProcess
GetVersion
DebugBreak
GetCommandLineA
GetStartupInfoA
GetSystemTime
GetTimeZoneInformation
RtlUnwind
OpenSemaphoreA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseSemaphore
FormatMessageA
CompareStringW
LocalFree
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
CompareStringA
lstrcmpiA
lstrcmpA
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileStringA
lstrlenA
GetTickCount
CopyFileA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetFileAttributesA
GetDriveTypeA
GetExitCodeProcess
GetLastError
SetLastError
Sleep
CloseHandle
lstrcpyA
GetWindowsDirectoryA
GetVolumeInformationA
lstrcpynA
RaiseException

user32

EnumWindows
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
SetWindowPos
ShowWindow
IsWindow
CreateWindowExA
SetRect
GetSystemMetrics
SystemParametersInfoA
RegisterClassExA
LoadCursorA
LoadIconA
DefWindowProcA
RemovePropA
SetPropA
GetPropA
SetTimer
SetForegroundWindow
UnregisterClassA
GetClassNameA
GetDesktopWindow
GetClassInfoExA
DestroyWindow
GetCursorPos
PeekMessageA
LoadStringA
wvsprintfA
CharLowerA
GetWindowTextLengthA
GetWindowTextA
CharNextA
IsWindowVisible
MessageBoxA
PostMessageA
FindWindowA
PostQuitMessage
KillTimer

advapi32

ImpersonateSelf
OpenThreadToken
AccessCheck
AreAllAccessesGranted
RevertToSelf
AddAccessAllowedAce
GetAclInformation
GetAce
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateGuid

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wsock32

closesocket
socket
inet_ntoa
bind
ioctlsocket
htons
connect
send
__WSAFDIsSet
getsockopt
WSAAsyncGetHostByName
inet_addr
WSACancelAsyncRequest
WSAStartup
WSACleanup
recv
WSAGetLastError
select

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edb59ef8833d57ad35422a4060c91904

Headers

File Characteristics

Imports

lz32

kernel32

user32

advapi32

ole32

version

wsock32

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 44KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 528B

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 44KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 528B