hook
Static task
static1
Behavioral task
behavioral1
Sample
beb79349a467bd9cdba8a60625b614918a1e73dd1a7900db1953251dce6a8c5a.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
beb79349a467bd9cdba8a60625b614918a1e73dd1a7900db1953251dce6a8c5a.dll
Resource
win10v2004-20230915-en
General
-
Target
beb79349a467bd9cdba8a60625b614918a1e73dd1a7900db1953251dce6a8c5a
-
Size
1.8MB
-
MD5
23715e61e778c95db4958808ff746c1b
-
SHA1
79ecd7f5c6faca1fbbc0074c1587923023a4a609
-
SHA256
beb79349a467bd9cdba8a60625b614918a1e73dd1a7900db1953251dce6a8c5a
-
SHA512
4382639abbe82b48b6d0c42dacf4e65168abcf3ad34dc8100cc5b17ec83a6eece76670bd0a42626bafcdca548d466716a0a3b4c45b20733eda1b381924311fd7
-
SSDEEP
49152:qZt9EI5qbgNdoJTkB7QfFMuXsI5xlyN7+f3dxsZ:q9EI5qbgNF7Ssyx1fN
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE image that carries no Authenticode signature.
resource beb79349a467bd9cdba8a60625b614918a1e73dd1a7900db1953251dce6a8c5a
Files
-
beb79349a467bd9cdba8a60625b614918a1e73dd1a7900db1953251dce6a8c5a.dll windows:5 windows x86
26c43434f94061a1f25d058ef9015d4d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc100
ord8235
ord6207
ord6098
ord5432
ord8234
ord2841
ord2939
ord3758
ord1271
ord4343
ord7214
ord8776
ord2611
ord5803
ord6213
ord5821
ord8453
ord4782
ord6316
ord2067
ord2063
ord310
ord995
ord2916
ord2763
ord8226
ord6352
ord11882
ord2061
ord6070
ord4131
ord11939
ord11940
ord3486
ord12790
ord341
ord11941
ord917
ord1900
ord4341
ord6054
ord1929
ord3970
ord6295
ord4345
ord5204
ord7322
ord788
ord3421
ord943
ord1210
ord3429
ord2613
ord2744
ord8224
ord919
ord6836
ord4340
ord12128
ord4554
ord337
ord6970
ord5207
ord1316
ord3738
ord5444
ord895
ord3390
ord11924
ord2183
ord2184
ord5774
ord5776
ord3439
ord316
ord4283
ord1448
ord1982
ord5837
ord7889
ord11103
ord11060
ord2846
ord1313
ord2742
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14058
ord14062
ord14045
ord13972
ord13973
ord8222
ord11025
ord3395
ord10883
ord13294
ord8070
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord5176
ord3365
ord7211
ord3744
ord8228
ord5302
ord5858
ord7871
ord1012
ord4785
ord3253
ord3251
ord3361
ord3250
ord3354
ord13219
ord12344
ord6971
ord322
ord13518
ord7927
ord7491
ord6678
ord12168
ord4553
ord11107
ord381
ord9318
ord7859
ord3739
ord2743
ord8223
ord1495
ord4371
ord4413
ord4404
ord5278
ord5780
ord1011
ord2409
ord13280
ord3431
ord2614
ord7862
ord3743
ord2776
ord8227
ord5857
ord6314
ord1251
ord2935
ord2828
ord6083
ord11949
ord6090
ord8465
ord8231
ord3755
ord2838
ord1263
ord6601
ord7933
ord6288
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord3484
ord2945
ord2944
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord5777
ord901
ord915
ord6680
ord9475
ord1294
ord385
ord6969
ord12962
ord1297
ord323
ord3356
ord9445
ord12438
ord12170
ord3357
ord8554
ord3241
ord13045
ord1437
ord11781
ord7487
ord5242
ord305
ord2626
ord10852
ord5007
ord13048
ord7206
ord14060
ord12440
ord12868
ord3254
ord3373
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord11108
ord8330
ord8305
ord948
ord946
ord374
ord968
ord265
ord906
ord2090
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord1296
msvcr100
memchr
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_strdate
fread
atof
strftime
strtol
strchr
memcpy
srand
rand
fgets
fputs
__iob_func
_time64
_localtime64
_i64toa
_atoi64
atoi
_strtime
_CIsqrt
strtok
memmove
strstr
fopen
fseek
fwrite
fflush
fclose
sprintf
_resetstkoflw
_recalloc
calloc
memset
memcpy_s
free
malloc
__CxxFrameHandler3
kernel32
HeapReAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
GetProcessHeap
DeleteCriticalSection
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
DecodePointer
EncodePointer
LocalAlloc
LocalFree
GetCurrentThreadId
SetWaitableTimer
CopyFileA
GetVersionExA
GetCurrentProcess
ActivateActCtx
DeactivateActCtx
SetLastError
LoadLibraryA
SetProcessWorkingSetSize
GetProcAddress
CreateWaitableTimerA
GetModuleFileNameA
VirtualQueryEx
VirtualProtectEx
OpenProcess
GetCurrentDirectoryA
ReadProcessMemory
WriteProcessMemory
CreateDirectoryA
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalFree
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
GetModuleHandleA
GetTickCount
Sleep
DeleteFileA
lstrlenA
MultiByteToWideChar
CreateThread
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
GetLastError
InterlockedExchange
user32
GetClientRect
SendMessageA
PtInRect
EnableWindow
InvalidateRect
LoadBitmapW
GetParent
CallWindowProcA
SetWindowLongA
FrameRect
FillRect
OffsetRect
GetSysColor
SetWindowsHookExA
MsgWaitForMultipleObjects
PeekMessageA
IsWindow
DestroyWindow
PostQuitMessage
SetWindowTextA
ExitWindowsEx
SetWindowRgn
CallNextHookEx
UnhookWindowsHookEx
ShowWindow
SetForegroundWindow
GetTopWindow
GetWindowThreadProcessId
CopyRect
GetForegroundWindow
GetKeyState
GetWindow
FindWindowA
EnumWindows
GetWindowTextA
MapVirtualKeyA
GetKeyNameTextA
KillTimer
IsWindowVisible
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
MapWindowPoints
MoveWindow
GetDC
GetSystemMetrics
GetWindowRect
LoadImageA
DrawIconEx
gdi32
GetObjectA
RoundRect
CreateCompatibleDC
StretchBlt
CreatePen
CreateSolidBrush
CreateRoundRectRgn
Ellipse
SetBkMode
CreateBitmap
GetTextExtentPoint32A
TextOutA
CreateCompatibleBitmap
CreateDIBSection
DeleteObject
SetDIBColorTable
CreatePatternBrush
GetDIBColorTable
DeleteDC
GetStockObject
GetTextMetricsA
BitBlt
Rectangle
GetTextColor
SelectObject
msimg32
AlphaBlend
TransparentBlt
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
shlwapi
PathIsDirectoryA
ole32
CreateStreamOnHGlobal
oleaut32
OleLoadPicture
urlmon
URLDownloadToFileA
gdiplus
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
wininet
DeleteUrlCacheEntry
winmm
timeGetTime
PlaySoundA
psapi
GetProcessMemoryInfo
ws2_32
WSACleanup
closesocket
recv
send
connect
htons
socket
gethostbyname
WSAStartup
msvcr100d
_itoa
Exports
Exports
Sections
.text Size: 578KB - Virtual size: 578KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.6w, Size: 994KB - Virtual size: 994KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ