b33fe366191f2b84335d86ad4ab709d7872c05b177d14687fa362c9259825209N

Sharing

Copy URL Twitter E-mail

General

Target

b33fe366191f2b84335d86ad4ab709d7872c05b177d14687fa362c9259825209N
Size

4.2MB
MD5

0164860f42015004811c6751aea4d0b0
SHA1

c154a367db9f24d30c48b529bca1241e4eb7b406
SHA256

b33fe366191f2b84335d86ad4ab709d7872c05b177d14687fa362c9259825209
SHA512

f9e1655d3961300102362573234d68692164cef9029a10c3d3eac8e62232cc35c8164bbda3d93c9cee5de69d2268fe0188b0ed5f62156942ab465220275acdc8
SSDEEP

98304:6NuahdV7t+tPcfqtZ+Nb+PT9ikpUXz6zWMLs7v8D527BWG:o9hdV7t+tEuZ+h+L9PSXWzBVQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b33fe366191f2b84335d86ad4ab709d7872c05b177d14687fa362c9259825209N

Files

b33fe366191f2b84335d86ad4ab709d7872c05b177d14687fa362c9259825209N
.exe windows:4 windows x86 arch:x86

164b85d485dd9582e6cf2f4048f0a362

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

cygwin1

__assert_func
__cxa_atexit
__errno
__getreent
__main
_dll_crt0@0
_exit
_fcntl64
_fdopen64
_fopen64
_freopen64
_fstat64
_ftruncate64
_geteuid32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_stat64
abort
accept
access
alarm
atoi
basename
bind
bsearch
calloc
chdir
chmod
clock_gettime
close
closedir
connect
cygwin_detach_dll
cygwin_internal
dirname
dll_dllcrt0
dup
dup2
execl
execlp
execve
execvp
exit
fclose
fcntl
fdopen
fflush
fgetc
fgets
fileno
flockfile
fopen
fork
fprintf
fputc
fputs
fread
free
freeaddrinfo
freopen
fscanf
fseek
fstat
fsync
ftell
ftruncate
funlockfile
fwrite
gai_strerror
getaddrinfo
getc_unlocked
getcwd
getdelim
getenv
geteuid
gethostname
getnameinfo
getpagesize
getpass
getpgid
getpid
getppid
getpwnam
getpwuid
getrlimit
gettimeofday
getuid
gmtime_r
htons
ioctl
isatty
kill
link
listen
localtime_r
lseek
lstat
malloc
memchr
memcmp
memcpy
memmem
memmove
memset
mkdir
mkdtemp
mkstemp
mktime
mmap
munmap
ntohs
open
opendir
perror
pipe
poll
posix_memalign
pread
printf
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_wait
pthread_create
pthread_equal
pthread_exit
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_init
pthread_mutexattr_settype
pthread_self
pthread_setcancelstate
pthread_setspecific
pthread_sigmask
putc
putchar
puts
qsort
raise
rand
read
readdir
readlink
realloc
regcomp
regerror
regexec
regfree
rename
rewind
rmdir
setbuf
setenv
setitimer
setsid
setsockopt
setvbuf
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
srand
sscanf
stat
strcasecmp
strcasestr
strchr
strcmp
strcspn
strdup
strerror
strftime
strlcpy
strlen
strncasecmp
strncmp
strpbrk
strrchr
strspn
strstr
strtoimax
strtol
strtoul
strtoumax
symlink
sysconf
tcgetpgrp
time
umask
uname
uname_x
ungetc
unlink
unsetenv
utime
vfprintf
vprintf
vsnprintf
waitpid
write

cygiconv-2

libiconv
libiconv_close
libiconv_open
locale_charset

cygintl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext
libintl_ngettext
libintl_setlocale
libintl_textdomain

cygz

crc32
deflate
deflateBound
deflateEnd
deflateInit2_
deflateInit_
inflate
inflateEnd
inflateInit2_
inflateInit_

cyggcc_s-1

__ctzdi2
__divdi3
__udivdi3
__umoddi3

kernel32

FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 664KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

164b85d485dd9582e6cf2f4048f0a362

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygwin1

cygiconv-2

cygintl-8

cygz

cyggcc_s-1

kernel32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.data Size: 53KB - Virtual size: 53KB

.rdata Size: 508KB - Virtual size: 508KB

.buildid Size: 512B - Virtual size: 53B

/4 Size: 400KB - Virtual size: 400KB

.bss Size: - Virtual size: 122KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 664KB - Virtual size: 668KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 53KB - Virtual size: 53KB

.rdata
Size: 508KB - Virtual size: 508KB

.buildid
Size: 512B - Virtual size: 53B

/4
Size: 400KB - Virtual size: 400KB

.bss
Size: - Virtual size: 122KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 664KB - Virtual size: 668KB