d57dcdb3d3b1710218d2c4a368a5f0eef411287511d7d20cef0a4703ce0d424f

Sharing

Copy URL Twitter E-mail

General

Target

d57dcdb3d3b1710218d2c4a368a5f0eef411287511d7d20cef0a4703ce0d424f
Size

312KB
MD5

edaa0d157fb2bb7bbf33d4469c31584a
SHA1

5f8e819e3a1a788fe76f8a499c18cf4e634f57c9
SHA256

d57dcdb3d3b1710218d2c4a368a5f0eef411287511d7d20cef0a4703ce0d424f
SHA512

6632d99db6e3477e6cc40fe2ce3dd1d697aad05bbd4d4fb5125805ac872860bf349eb20f4a800a521381b02b7fb3f2447d7487583b1a4f4b67d68c420c668103
SSDEEP

1536:OKuRtjQWZ9ZYS/fuF5lFlccEsRBX10yn7QGgIde:OKuRF7Zj/fCltEsT10yn7QGgIde

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d57dcdb3d3b1710218d2c4a368a5f0eef411287511d7d20cef0a4703ce0d424f

Files

d57dcdb3d3b1710218d2c4a368a5f0eef411287511d7d20cef0a4703ce0d424f
.dll windows x86

6cdd8f27df52374f7ede892f90587172

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1255
ord6467
ord1578
ord1253
ord826
ord269
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord3811
ord354
ord5186
ord3318
ord1979
ord665
ord2820
ord6385
ord4058
ord924
ord2781
ord537
ord3178
ord3181
ord6877
ord1980
ord940
ord825
ord823
ord5683
ord859
ord4202
ord2818
ord939
ord2777
ord2915
ord2764
ord4129
ord858
ord5710
ord535
ord356
ord941
ord2770
ord668
ord860
ord540
ord802
ord542
ord800
ord600
ord1116

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_EH_prolog
strcmp
strncpy
time
srand
rand
__CxxFrameHandler
_mbscmp
printf
memcpy
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
atoi
strlen
strcat
strcpy
sprintf
memset
free
strrchr
toupper
wcslen
_mbsicmp
malloc

kernel32

DeleteFileA
CopyFileA
CreateFileA
AreFileApisANSI
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
Sleep
CreateToolhelp32Snapshot
Process32First
CreateDirectoryA
TerminateProcess
Process32Next
GetLogicalDriveStringsA
GetDriveTypeA
GetLastError
CloseHandle
SetPriorityClass
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
OutputDebugStringA
lstrcmpiA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetModuleFileNameA
DeviceIoControl
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
LocalAlloc
OpenProcess
SetVolumeMountPointA

user32

FindWindowA
GetWindowThreadProcessId

advapi32

RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA

ole32

CoCreateGuid
CoUninitialize
CoInitialize

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathFileExistsA

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

Exports

Exports

FCB_RunDll

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cdd8f27df52374f7ede892f90587172

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

msvcp60

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 252KB - Virtual size: 266KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 252KB - Virtual size: 266KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB