c840b905c35bfb1d0797a0f2072918761ca5283246d2926139d84992367ec2ac

Sharing

Copy URL Twitter E-mail

General

Target

c840b905c35bfb1d0797a0f2072918761ca5283246d2926139d84992367ec2ac
Size

293KB
MD5

bface4797ab6dd11983ceb50bb77d100
SHA1

c2f957a43f1d389b19c56321c7b40ddee7437f84
SHA256

c840b905c35bfb1d0797a0f2072918761ca5283246d2926139d84992367ec2ac
SHA512

6589d2296e1e56cb7f34fbda47049ff93551953e09eed8173c5cd1686484d9110259c64a5db9c5ea3f1fdfbfc1624d3b41046438b705ed2d5c471a92da6c9b02
SSDEEP

6144:BGRLgvxOsYtOxpeuKzWYi2NbpGSpo7TRCVigTBSHAO6dd:QR0ZODOfe1Hi6sRC4gTYHU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c840b905c35bfb1d0797a0f2072918761ca5283246d2926139d84992367ec2ac

Files

c840b905c35bfb1d0797a0f2072918761ca5283246d2926139d84992367ec2ac
.dll windows x86

3673bb1beea68bc996e16f67aa54c7dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl

advapi32

OpenThreadToken
SetSecurityDescriptorDacl
RevertToSelf
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
ImpersonateSelf
IsValidSecurityDescriptor
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
AddAccessAllowedAce

netapi32

Netbios

kernel32

GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
GetComputerNameA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
GetSystemFirmwareTable
VirtualProtect
HeapFree
SetLastError
VirtualFree
GetCurrentProcess
WriteFile
VirtualAlloc
CreateMutexA
WaitForSingleObject
LocalAlloc
CreateFileW
UnmapViewOfFile
MultiByteToWideChar
Sleep
GetLastError
OpenMutexA
GetCurrentThread
LoadLibraryA
CloseHandle
GetNativeSystemInfo
CreateThread
HeapAlloc
GetProcAddress
CreateFileMappingA
LocalFree
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
IsBadReadPtr
MapViewOfFile
GetTickCount
WriteConsoleW
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindFirstFileExW
RtlUnwind
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapReAlloc
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3673bb1beea68bc996e16f67aa54c7dd

Headers

DLL Characteristics

File Characteristics

Imports

ole32

winhttp

advapi32

netapi32

kernel32

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 9KB - Virtual size: 8KB