00cb70975ab4d43012a4906609a66e6537af4f029124718c2ac0c0839a0b71b4

Sharing

Copy URL Twitter E-mail

General

Target

00cb70975ab4d43012a4906609a66e6537af4f029124718c2ac0c0839a0b71b4
Size

3.1MB
MD5

3cb40d61a803cddcc7c6c179967d470c
SHA1

08a0001e30a172088a1610eb4091cc1789dd83fa
SHA256

00cb70975ab4d43012a4906609a66e6537af4f029124718c2ac0c0839a0b71b4
SHA512

050077e4dcd62c1e5142797087aab9d73e1df0a49f023d296f43b85c467a498dff23d43b39926def9eba4f4398d206b699970610e6259f87b680b3a0c7b88d1a
SSDEEP

24576:F69gq4J0lGllJNvTYEtrWfM8iqWKzoLmLJtaBND+jfmi7Va9ISnBVh:A9gq4JQGllJNbYcVqWUJUBx+vA9IMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00cb70975ab4d43012a4906609a66e6537af4f029124718c2ac0c0839a0b71b4

Files

00cb70975ab4d43012a4906609a66e6537af4f029124718c2ac0c0839a0b71b4
.dll windows:1 windows x64

4ca029b112fd43df08ef461c9b0f6ec6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

ReportEventA
RegisterEventSourceA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
DeregisterEventSource

kernel32

WriteFile
LoadLibraryA
HeapReAlloc
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
FindFirstFileA
FindClose
ExitProcess
DisableThreadLibraryCalls

user32

wvsprintfA
MessageBoxA

Exports

Exports

JNI_CreateJavaVM
JNI_GetCreatedJavaVMs
JNI_GetDefaultJavaVMInitArgs

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jidata
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jedata
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.config
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca029b112fd43df08ef461c9b0f6ec6

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 395KB - Virtual size: 396KB

.bss Size: - Virtual size: 92KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.jidata Size: 43KB - Virtual size: 44KB

.idata Size: 1024B - Virtual size: 4KB

.jedata Size: 26KB - Virtual size: 28KB

.edata Size: 512B - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 8KB

.config Size: 512B - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 395KB - Virtual size: 396KB

.bss
Size: - Virtual size: 92KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.jidata
Size: 43KB - Virtual size: 44KB

.idata
Size: 1024B - Virtual size: 4KB

.jedata
Size: 26KB - Virtual size: 28KB

.edata
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB

.config
Size: 512B - Virtual size: 4KB