D:\git\ntp\ports\winnt\vs2008\Win32-out\Release\ntpdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fd047120aea0116a68e040cb5f58e570c4b96ec77003f31bc091d15852ba1319N.exe
Resource: win7-20241023-en
General
Target: fd047120aea0116a68e040cb5f58e570c4b96ec77003f31bc091d15852ba1319N
Size: 1016KB
MD5: 9ac6c7a0e090b91c0cea44e84cab9e00
SHA1: b2bf0da8a0a4d6790740dfc2961d08d4dcd50e5d
SHA256: fd047120aea0116a68e040cb5f58e570c4b96ec77003f31bc091d15852ba1319
SHA512: 0e28b498fa9d94a9e21dfdeecc5dd82cd61ef622531570db82360a9da6f93d2c66d0fe1c7c4ca0f0fee4c3959d1f7c4e02001adde5063d291b7d44ce180b714b
SSDEEP: 12288:Mm5u/b7VfkqqKUVwPjmCzJOk64qGsEswnnziOikEKwBdMBcSTA9/LZ8sEpqx0tEq:Mm54VfkqbzJOL4qHlZWvYLmrpqzq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fd047120aea0116a68e040cb5f58e570c4b96ec77003f31bc091d15852ba1319N
Files
fd047120aea0116a68e040cb5f58e570c4b96ec77003f31bc091d15852ba1319N.exe windows:5 windows x86 arch:x86
ba33b906410e3d3f52443bc685deb8f2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
recvfrom
inet_addr
htonl
select
inet_ntoa
ioctlsocket
WSAStartup
connect
WSAGetLastError
htons
ntohs
setsockopt
getservbyport
sendto
WSACleanup
bind
socket
getservbyname
__WSAFDIsSet
WSASetLastError
closesocket
gethostbyaddr
gethostbyname
kernel32
OutputDebugStringA
SetEnvironmentVariableA
GlobalMemoryStatus
CompareStringA
FreeLibrary
GetCurrentProcess
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
GetLastError
GetProcAddress
LoadLibraryA
FlushConsoleInputBuffer
CompareStringW
GetVersion
GetLocaleInfoA
GetStringTypeW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetPriorityClass
GetPriorityClass
LocalFree
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetSystemTime
SetLastError
InterlockedDecrement
Sleep
HeapFree
CloseHandle
GetFileType
CreateFileA
HeapAlloc
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetTimeZoneInformation
SetFilePointer
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
GetModuleHandleW
ExitProcess
GetCommandLineA
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadConsoleInputA
SetConsoleMode
CreateFileW
TerminateProcess
IsDebuggerPresent
RaiseException
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
SetStdHandle
SetEndOfFile
GetProcessHeap
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapSize
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
GetModuleHandleA
GetStringTypeA
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
winmm
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeGetDevCaps
user32
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
Exports
OPENSSL_Applink
Sections
.text Size: 752KB - Virtual size: 751KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ڌxɣu1 Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE