7cf507dc6749c5f7ce2cf30eec4606a69bb4c2679f11a100f8d8e25a6c00d024

Sharing

Copy URL Twitter E-mail

General

Target

7cf507dc6749c5f7ce2cf30eec4606a69bb4c2679f11a100f8d8e25a6c00d024
Size

116KB
MD5

9719199d61e192624c1b40e2b3a49aa7
SHA1

bd950ff650e88f5cc1faefb3e3697c7f4060e63c
SHA256

7cf507dc6749c5f7ce2cf30eec4606a69bb4c2679f11a100f8d8e25a6c00d024
SHA512

bda02098d44eb3d549e2bd43184766c052df2b3cecfd2fbdfc092251509d48c6e8842540dadbf9ebf0cfe473f987806cbff931befb2d092de2b3bf26cda34b95
SSDEEP

1536:+OPc7A0WVreyUPumGr05T2MJUpYi+wR5PF7C7otm7X:NH3reyUPumLFVuXF7Cst

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7cf507dc6749c5f7ce2cf30eec4606a69bb4c2679f11a100f8d8e25a6c00d024

Files

7cf507dc6749c5f7ce2cf30eec4606a69bb4c2679f11a100f8d8e25a6c00d024
.dll windows:4 windows x86

06e464c5eb409b0e38fd9fb2f6922470

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

FindWindowExA
wsprintfA
MessageBoxA
SetWindowTextA
SetTimer

kernel32

SetHandleCount
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
IsBadStringPtrA
GetCurrentProcess
OpenProcess
TerminateProcess
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
OpenFileMappingA
MapViewOfFile
RtlMoveMemory
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
LCMapStringA
FreeLibrary
GetCommandLineA
GetVersion
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
RaiseException
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
SetStdHandle
FlushFileBuffers

ws2_32

WSAStartup

Exports

Exports

zhuxian

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06e464c5eb409b0e38fd9fb2f6922470

Headers

File Characteristics

Imports

user32

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 28KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 28KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 5KB