97201eed7e49624dfa6d677f36f7a71fb15893c13b112c15bae85f949dc67ed1

Sharing

Copy URL Twitter E-mail

General

Target

97201eed7e49624dfa6d677f36f7a71fb15893c13b112c15bae85f949dc67ed1
Size

503KB
MD5

3e45002297b90d77ee2c5faec12a3be7
SHA1

c557a2c0003c14647400ee8262e92f1f355fe22d
SHA256

97201eed7e49624dfa6d677f36f7a71fb15893c13b112c15bae85f949dc67ed1
SHA512

aeb6ce6d0b1f38fdd690c071d905c485a51ad13810a13094645bf5dab40bb50480776046706d0b71cc521fb776ade28745f78dd24f95deafd65dd7cf2efd7327
SSDEEP

12288:2fd5hom+lf11H3vcNsHNaFgTecchtc5syIOl2T6bUHJk:2fdf0f11H3SGaFgT5csxIOl2T6bGJk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97201eed7e49624dfa6d677f36f7a71fb15893c13b112c15bae85f949dc67ed1

Files

97201eed7e49624dfa6d677f36f7a71fb15893c13b112c15bae85f949dc67ed1
.dll windows x86

4f46924c60bdf59293c42b8f6fa50dd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ollydbg.exe

ord179
ord92
ord98
ord78
ord59
ord38
ord93
ord27
ord185
ord89
ord186
ord76
ord85
ord2
ord45
ord84
ord99
ord115
ord46
ord90
ord31
ord25
ord4
ord161
ord79
ord175
ord73
ord117
ord172
ord171
ord75
ord106
ord101
ord124
ord152
ord173
ord180
ord108
ord164
ord167
ord169
ord155
ord5
ord42
ord23
ord53
ord170
ord174
ord109
ord60
ord104
ord114
ord91
ord54
ord107
ord88
ord44
ord36

kernel32

VirtualFree
OpenProcess
lstrcmpiA
GetProcAddress
VirtualAlloc
Process32Next
GetModuleHandleA
VirtualProtect
CreateToolhelp32Snapshot
CloseHandle
ExitProcess
CreateFileA
SetFilePointer
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
GetCommandLineA
ReadProcessMemory
CreateProcessA
ReadFile
FlushInstructionCache
GetLastError
VirtualProtectEx
VirtualAllocEx
ResumeThread
MapViewOfFile
UnmapViewOfFile
VirtualQueryEx
GlobalAlloc
CreateFileMappingA
GetFileSize
Sleep
MultiByteToWideChar
DeviceIoControl
GetModuleFileNameA
GetCurrentProcessId
GetTempPathA
DeleteFileA
Process32First
HeapCreate
HeapSize
LoadLibraryA
QueryDosDeviceA
WideCharToMultiByte
TerminateThread
IsBadWritePtr
GlobalFree
OpenThread
LocalAlloc
GetSystemInfo
GetCurrentThreadId
OutputDebugStringA
LocalFree
GetTickCount
CreateThread
DebugActiveProcess
GetThreadContext
SetThreadContext
MoveFileExA
GlobalLock
GetCurrentThread
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
LeaveCriticalSection
GlobalUnlock
CopyFileA
EnterCriticalSection
ContinueDebugEvent
WaitForDebugEvent
GetVersionExA
WinExec
SuspendThread
WriteFile
MoveFileA
GetCurrentDirectoryA
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
RaiseException
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
RtlUnwind
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStdHandle
GetModuleHandleW
DeleteCriticalSection
HeapDestroy
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
InitializeCriticalSection
VirtualQuery

user32

GetDesktopWindow
EnumChildWindows
PostMessageA
OpenClipboard
MessageBoxW
EmptyClipboard
SetForegroundWindow
SetClipboardData
CreateMDIWindowA
GetClipboardData
DialogBoxParamA
InSendMessage
GetClassLongA
GetWindowLongA
GetWindowLongW
GetForegroundWindow
GetClassLongW
LoadImageA
MoveWindow
GetWindow
GetKeyState
CloseClipboard
EnableWindow
CallWindowProcA
SetWindowTextA
DeferWindowPos
ShowWindow
GetSysColor
DefWindowProcA
CreateWindowExA
InvalidateRect
SetWindowLongA
GetWindowTextA
BeginPaint
DestroyWindow
GetMessageA
SetTimer
PostQuitMessage
TranslateMessage
UnregisterClassA
SetWindowPos
DispatchMessageA
GetSystemMetrics
LoadCursorA
RegisterClassA
SendDlgItemMessageA
DrawTextExA
ReleaseDC
GetDlgItem
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetComboBoxInfo
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
UpdateWindow
SetProcessWindowStation
OpenDesktopA
CloseWindowStation
GetProcessWindowStation
GetUserObjectSecurity
CloseDesktop
OpenWindowStationA
MessageBoxA
SetUserObjectSecurity
SendInput
WinHelpA
wsprintfA
EndPaint
ScreenToClient
GetWindowRect
FillRect
DrawTextA
GetClientRect
SetFocus
GetWindowTextLengthA
SendMessageA
GetDC

gdi32

SelectObject
DeleteObject
SetBkColor
GetObjectA
GetStockObject
CreateCompatibleDC
DeleteDC
BitBlt
SetTextColor
CreateSolidBrush

comdlg32

GetOpenFileNameA

advapi32

GetSecurityDescriptorDacl
LsaFreeMemory
LogonUserA
GetLengthSid
BuildExplicitAccessWithNameA
AddAce
FreeSid
RevertToSelf
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetKernelObjectSecurity
MakeAbsoluteSD
ImpersonateLoggedOnUser
LsaClose
DuplicateTokenEx
GetAce
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
CreateRestrictedToken
GetAclInformation
GetKernelObjectSecurity
GetTokenInformation
LsaEnumerateAccountRights
LsaOpenPolicy
SetEntriesInAclA
OpenProcessToken
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueA
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
ImpersonateSelf
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
CreateServiceA
StartServiceA
ChangeServiceConfigA

shell32

ShellExecuteExA

netapi32

NetUserDel
NetUserAdd

shlwapi

SHRegCloseUSKey
StrCmpNIA
SHRegWriteUSValueA
SHRegCreateUSKeyA

imagehlp

CheckSumMappedFile

psapi

EnumProcessModules
GetMappedFileNameA
GetModuleFileNameExA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetGetConnectedState

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HookStub
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.fengyue
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f46924c60bdf59293c42b8f6fa50dd9

Headers

File Characteristics

Imports

ollydbg.exe

kernel32

user32

gdi32

comdlg32

advapi32

shell32

netapi32

shlwapi

imagehlp

psapi

wininet

version

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

HookStub Size: 512B - Virtual size: 4KB

.rdata Size: 123KB - Virtual size: 124KB

.data Size: 26KB - Virtual size: 60KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 14KB - Virtual size: 16KB

.fengyue Size: 169KB - Virtual size: 172KB

.reloc Size: 9KB - Virtual size: 12KB

.text
Size: 156KB - Virtual size: 156KB

HookStub
Size: 512B - Virtual size: 4KB

.rdata
Size: 123KB - Virtual size: 124KB

.data
Size: 26KB - Virtual size: 60KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 14KB - Virtual size: 16KB

.fengyue
Size: 169KB - Virtual size: 172KB

.reloc
Size: 9KB - Virtual size: 12KB