57829e12c4af645b76680ad03850fa86212ea6fa66bbd7e908c75ebdfe30a259

Sharing

Copy URL Twitter E-mail

General

Target

57829e12c4af645b76680ad03850fa86212ea6fa66bbd7e908c75ebdfe30a259
Size

652KB
MD5

24929bea897fe6a6030e92b2833e2c75
SHA1

0064611861601a0907f943f17d60c0c727a1fb1f
SHA256

57829e12c4af645b76680ad03850fa86212ea6fa66bbd7e908c75ebdfe30a259
SHA512

2125e8730590c05d08078f64d25e1125afdbe62e56021a41f721a9b57df245dac893cbc4b9f36b5142c9fc6791f6b94a2edf364d1b87facf76897d87de281b14
SSDEEP

12288:YbD+oRByRDlpeBxE53O5bjq2v2U04opqqGh0rsjcI:YP+OBWDlGxE53Ow2v2UUpqqGh0rsjcI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57829e12c4af645b76680ad03850fa86212ea6fa66bbd7e908c75ebdfe30a259

Files

57829e12c4af645b76680ad03850fa86212ea6fa66bbd7e908c75ebdfe30a259
.dll windows x86

f4e1567b72e4760f43871844d4a66f79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetComputerNameA
GetStdHandle
FlushConsoleInputBuffer
DeleteCriticalSection
SetLastError
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalMemoryStatus
GetCurrentProcessId
GetLastError
GenerateConsoleCtrlEvent
WaitForSingleObject
CreatePipe
SetStdHandle
GetCurrentProcess
DuplicateHandle
TerminateProcess
GetCurrentThreadId
CreateEventA
SetEvent
InitializeCriticalSection
TerminateThread
DisableThreadLibraryCalls
Sleep
CloseHandle
CreateProcessA
ReadFile
WriteFile

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Lockit@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

ws2_32

htons
WSAStartup
sendto
recv
recvfrom
accept
htonl
bind
listen
socket
connect
ioctlsocket
getsockname
WSACleanup
gethostbyname
select
WSAGetLastError
setsockopt
closesocket
ntohs
shutdown
WSASetLastError
send
inet_addr
inet_ntoa
__WSAFDIsSet

msvcrt

strchr
strlen
__CxxFrameHandler
_EH_prolog
_strnicmp
strcmp
atoi
fgets
_stricmp
fclose
strstr
fopen
printf
sprintf
free
malloc
_initterm
sscanf
strncpy
__dllonexit
_adjust_fdiv
??2@YAPAXI@Z
_onexit
strncmp
abort
memchr
tolower
signal
fputs
_fileno
getenv
_except_handler3
_getch
fseek
ftell
_setmode
fflush
fread
_errno
gmtime
_ftol
fprintf
_beginthreadex
_endthreadex
strerror
bsearch
qsort
_isctype
__mb_cur_max
_pctype
_iob
_vsnprintf
fwrite
time
memmove
atol
_stat
localtime
realloc
rand

user32

SendMessageA
GetWindowTextLengthA

Exports

Exports

vidc20_command
vidc20_create
vidc20_delete
vidc20_start
vidc20_stop

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4e1567b72e4760f43871844d4a66f79

Headers

File Characteristics

Imports

kernel32

msvcp60

ws2_32

msvcrt

user32

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 440KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 120KB - Virtual size: 127KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 444KB - Virtual size: 440KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 120KB - Virtual size: 127KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 36KB - Virtual size: 33KB