eee9c58eaebc672c0ae580ec4399cde009e78c46c74b4546bbdd7a4ac67efbf0

Sharing

Copy URL

Twitter E-mail

General

Target

eee9c58eaebc672c0ae580ec4399cde009e78c46c74b4546bbdd7a4ac67efbf0
Size

23KB
MD5

2ba5a68a96ca72747096d2e3bcd25760
SHA1

23717cebb19669c0bfddacf81ec33c278b8bafd4
SHA256

eee9c58eaebc672c0ae580ec4399cde009e78c46c74b4546bbdd7a4ac67efbf0
SHA512

27935884ffac88fc346348a814ea3ada015b956badf72dc5dcd136431787d923041503f6e48600e2c4166ee984f97e2b780c272ad1d68a9a57969d8461e5a12d
SSDEEP

384:dUWkBRFBU0hZtwjPC9z7IE9a4R5+uPX7xzoAk8yB6TYMP6IOZDglPGAlIEcHWGzY:Pk5BU0BwultjEuDaAqoL6IOZDw+AihWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eee9c58eaebc672c0ae580ec4399cde009e78c46c74b4546bbdd7a4ac67efbf0

Files

eee9c58eaebc672c0ae580ec4399cde009e78c46c74b4546bbdd7a4ac67efbf0
.dll windows x86

7e4f4df9f726f09c71ea81106db25bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100u

ord12154
ord1310
ord11571
ord12153
ord4290
ord296
ord4360
ord12801
ord2151
ord2062
ord3846
ord1312
ord286
ord1270
ord869
ord11494
ord287
ord5264
ord285
ord2629
ord7871
ord11683
ord2620
ord2614
ord1479
ord1476
ord902
ord908
ord13605
ord2091
ord322
ord2055
ord2053
ord2080
ord1984
ord2045
ord3413
ord408
ord1953
ord2090
ord2088
ord1945
ord1873
ord1934
ord323
ord1301
ord1300

msvcr100

_wtoi
wcspbrk
vswprintf_s
wcscpy_s
wcscat_s
__CxxFrameHandler3
??2@YAPAXI@Z
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
wcsstr
_wcsicmp
memset
_wtoi64

kernel32

CreateRemoteThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
LocalAlloc
LocalFree
TerminateProcess
Process32NextW
Process32FirstW
MoveFileW
GetTempPathW
GetLastError
Sleep
ReadProcessMemory
CreateProcessW
CreateToolhelp32Snapshot
CloseHandle
VirtualFreeEx
WaitForSingleObject
VirtualAllocEx
GetModuleHandleW
GetProcAddress
OutputDebugStringW
OpenProcess
WriteProcessMemory

user32

MapVirtualKeyW
SetWindowLongW
GetWindowLongW
FindWindowExW
IsWindow
SendMessageW
PostMessageW
EnumWindows
GetWindowThreadProcessId
GetWindowTextW

shlwapi

PathFindFileNameW

Exports

Exports

CloseGHOFile
GHOFindFile
GetGHOPartitionCount
GhoGetAllSubDir
GhoGetFirstFile
GhoGetNextFile
OpenGHOFile
SaveFileInGho

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e4f4df9f726f09c71ea81106db25bdc

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB