46e341d8ad16a3b565379df46703997cef7c2393092d124e664a4ffb70163866

Sharing

Copy URL Twitter E-mail

General

Target

46e341d8ad16a3b565379df46703997cef7c2393092d124e664a4ffb70163866
Size

5.2MB
MD5

b92816c383884fbaeab05e380b1c1df8
SHA1

8edabf61715c2903807056bbf0465df1e38431ef
SHA256

46e341d8ad16a3b565379df46703997cef7c2393092d124e664a4ffb70163866
SHA512

a4621ecf4d0e2c5f8d87dd5820b0c1fb6cbaab47610c9a26e3f44a1330ae55ef3c49f3602d4632c00b024a22db45e1c3bd5c81fd65d202c4a266daa977ef2e5d
SSDEEP

98304:4g9da0Wuais6pXeDUsOgdGID/cdgrvEoY/nIKjxDnDji6HaQ/tt11W2Zx0:HvbXJmD/kgrvKjDPi6BtVW2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46e341d8ad16a3b565379df46703997cef7c2393092d124e664a4ffb70163866

Files

46e341d8ad16a3b565379df46703997cef7c2393092d124e664a4ffb70163866
.dll windows x86

b0a7a71be0cffd7e5c6c326e9d94ce91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetTickCount
GetVersionExA
GetModuleFileNameA
Sleep
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
ReadFile
GetFileSize
GetPrivateProfileStringA
WriteFile
DeleteFileA
WritePrivateProfileStringA
GetLocalTime
GetCommandLineA
FreeLibrary
MultiByteToWideChar
LoadLibraryA
LCMapStringA
ExitProcess
VirtualFree
VirtualAlloc
DeleteCriticalSection
CreateThread
lstrcatA
lstrcpyA
lstrlenA
PostQueuedCompletionStatus
InitializeCriticalSection
CreateIoCompletionPort
GetLastError
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
GetQueuedCompletionStatus
GlobalFree
GlobalSize
lstrcpyn
GlobalUnlock
GlobalLock
RtlMoveMemory
GlobalAlloc
GetModuleHandleA
GetProcessHeap
ReadProcessMemory
VirtualQuery
IsBadReadPtr
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
DeviceIoControl
CreateFileA
OpenProcess
WriteProcessMemory
VirtualProtect
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetClipboardData
EmptyClipboard
CloseClipboard
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
MessageBoxA
wvsprintfA
OpenClipboard
PeekMessageA
ReleaseDC
MessageBoxTimeoutA
GetWindowRect
GetDesktopWindow
GetDC

ws2_32

closesocket
send
gethostbyname
WSAStartup
connect
WSASend
WSARecv
setsockopt
WSAIoctl
WSASocketA
inet_addr
htons
bind
WSACleanup
WSAGetLastError
inet_ntoa
getpeername
listen
recv

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
GetObjectA
GetDIBits
DeleteDC
DeleteObject

advapi32

CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CryptHashData

shlwapi

PathMatchSpecA
PathFileExistsA
StrToIntExA

ole32

CreateStreamOnHGlobal
CLSIDFromString
GetHGlobalFromStream

gdiplus

GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromStream

psapi

GetModuleFileNameExA

msvcrt

memcpy
_beginthreadex
strncmp
strncpy
memmove
modf
realloc
strchr
srand
sprintf
free
malloc
atoi
_ftol
??3@YAXPAX@Z
??2@YAPAXI@Z
strtod
__CxxFrameHandler
_CIfmod
rand
strrchr
floor
_CIpow

Exports

Exports

Init

Sections

.text
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vip0
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vip1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0a7a71be0cffd7e5c6c326e9d94ce91

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

advapi32

shlwapi

ole32

gdiplus

psapi

msvcrt

Exports

Exports

Sections

.text Size: - Virtual size: 228KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 6.2MB

.vip0 Size: - Virtual size: 65KB

.vip1 Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 4KB - Virtual size: 204B

.rsrc Size: 4KB - Virtual size: 728B

.text
Size: - Virtual size: 228KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 6.2MB

.vip0
Size: - Virtual size: 65KB

.vip1
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 4KB - Virtual size: 204B

.rsrc
Size: 4KB - Virtual size: 728B