Static task
static1
Behavioral task
behavioral1
Sample
58c0df8078d6262679e8cb6ba48c3e0dfbd3873f2f316a2698db815bda712313.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
58c0df8078d6262679e8cb6ba48c3e0dfbd3873f2f316a2698db815bda712313.exe
Resource
win10v2004-20241007-en
General
-
Target
58c0df8078d6262679e8cb6ba48c3e0dfbd3873f2f316a2698db815bda712313
-
Size
368KB
-
MD5
2e9d9dae8d8131022768cd65db4c0baa
-
SHA1
b5ecffe6d9d8462f3bf3415624b4d3d6292adc85
-
SHA256
58c0df8078d6262679e8cb6ba48c3e0dfbd3873f2f316a2698db815bda712313
-
SHA512
8307638a77d2d8e0b5686abc65b143049ca2bac154d36d92de2d97c4ef2571e7cf67617f5df1241578c2fa87e8642dc8cabba3d03f66870d1a9f922fdd8372a5
-
SSDEEP
3072:Gvfj3JL02OnBBzhylM8v2WN9NHgUUIseUy+x+u8RhgIbWtynyucCQYcZXM3gHkIk:Gnj3ejTzs/HflgUu+ZRONtYXcNftqPl
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 58c0df8078d6262679e8cb6ba48c3e0dfbd3873f2f316a2698db815bda712313
Files
-
58c0df8078d6262679e8cb6ba48c3e0dfbd3873f2f316a2698db815bda712313.exe windows:4 windows x86 arch:x86
483860d8740fedbbc64e6f17bf2c8f91
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord1727
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord1644
ord1146
ord5572
ord2919
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord537
ord2764
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord3402
ord4396
ord5241
ord6374
ord5065
ord5261
ord2446
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord283
ord613
ord6880
ord289
ord6877
ord2818
ord2122
ord4160
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4467
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord4427
ord401
ord674
ord5254
ord1911
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord5658
ord2395
ord6322
ord2609
ord1006
ord1787
ord6123
ord4291
ord1994
ord775
ord503
ord1261
ord5703
ord5701
ord5708
ord1264
ord1567
ord1598
ord1583
ord1600
ord268
ord1596
ord6152
ord322
ord639
ord2915
ord1799
ord4622
ord614
ord290
ord4226
ord924
ord1105
ord926
ord1825
ord4238
ord4696
ord3058
ord3065
ord4353
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord5821
ord3662
ord5651
ord3131
ord3736
ord3969
ord349
ord414
ord713
ord5604
ord3438
ord393
ord3646
ord1953
ord397
ord5859
ord912
ord5631
ord699
ord1200
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord2514
ord5943
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord2587
ord4406
ord3394
ord3729
ord3610
ord6743
ord2582
ord4402
ord3370
ord3640
ord654
ord804
ord656
ord6515
ord693
ord1168
ord341
ord2841
ord2448
ord2363
ord2362
ord2302
ord798
ord4224
ord2044
ord2107
ord3903
ord5710
ord5465
ord5194
ord533
ord6215
ord2642
ord3092
ord755
ord470
ord4299
ord1768
ord2820
ord3811
ord3996
ord2862
ord6907
ord3998
ord6669
ord6334
ord3301
ord6199
ord3495
ord801
ord6648
ord541
ord3177
ord2515
ord355
ord5858
ord690
ord1988
ord5922
ord3215
ord389
ord5311
ord6928
ord6283
ord6282
ord922
ord4278
ord6662
ord4099
ord2393
ord6663
ord3616
ord1979
ord6385
ord665
ord3127
ord5186
ord350
ord354
ord6883
ord6927
ord6929
ord2822
ord4476
ord5834
ord5163
ord2385
ord4407
ord1776
ord4078
ord6055
ord5860
ord2408
ord2096
ord1175
ord2864
ord5785
ord2405
ord323
ord1640
ord6194
ord640
ord3619
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord6336
ord384
ord1576
msvcrt
_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
_CxxThrowException
sprintf
atoi
_vsnprintf
rand
atof
_mbsrchr
strstr
vsprintf
_splitpath
fclose
fwrite
fopen
_access
_mbsicmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
kernel32
lstrlenW
GetCPInfo
GetVersion
GetVersionExA
LockResource
LoadResource
FindResourceA
lstrcmpiA
GetTempPathA
CloseHandle
WriteFile
CreateFileA
Sleep
SetCommState
BuildCommDCBA
SetupComm
GetCommState
ReadFile
ClearCommError
GlobalLock
GlobalAlloc
InitializeCriticalSection
GetTickCount
OutputDebugStringA
lstrcpyA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
SetEndOfFile
SetFilePointer
MoveFileA
DeleteFileA
GetFileSize
GetCurrentThreadId
GetPrivateProfileStringA
GetLastError
SizeofResource
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA
lstrlenA
user32
LoadCursorFromFileA
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
GetClientRect
FrameRect
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
EnableWindow
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
InvalidateRect
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
DrawEdge
SetRect
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
LoadIconA
GetMenuItemInfoA
PtInRect
IsZoomed
IsWindow
GetWindowDC
KillTimer
SetTimer
IsWindowVisible
wsprintfA
IsIconic
DrawIcon
GetSystemMenu
GetSubMenu
LoadCursorA
gdi32
CreateBitmap
SetBkColor
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
GetDeviceCaps
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
shell32
ShellExecuteExA
comctl32
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
ImageList_GetIcon
ImageList_AddMasked
wsock32
recvfrom
sendto
gethostbyname
inet_addr
WSACleanup
WSAStartup
send
recv
shutdown
closesocket
ioctlsocket
htons
socket
inet_ntoa
select
connect
odbc32
ord13
ord8
ord19
ord12
ord43
ord10
ord9
ord31
ord24
ord75
ord7
ord40
ord54
ord18
msvcirt
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
??1ios@@UAE@XZ
?openprot@filebuf@@2HB
??0ifstream@@QAE@PBDHH@Z
??1ifstream@@UAE@XZ
??_Difstream@@QAEXXZ
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
libssh2
libssh2_channel_free
libssh2_channel_close
libssh2_channel_process_startup
libssh2_session_last_error
libssh2_channel_open_ex
libssh2_session_block_directions
libssh2_session_free
libssh2_session_disconnect_ex
libssh2_userauth_password_ex
libssh2_session_handshake
libssh2_session_set_blocking
libssh2_session_init_ex
libssh2_init
libssh2_channel_read_ex
Sections
.text Size: 108KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 220KB - Virtual size: 217KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ