9ddc2c80a6c3d53e17431f871d472efd7d328285d5acd9a7288797487f7451f9

Sharing

Copy URL Twitter E-mail

General

Target

9ddc2c80a6c3d53e17431f871d472efd7d328285d5acd9a7288797487f7451f9
Size

1.2MB
MD5

a94556de48002f25eb60a05ff11c8815
SHA1

3828659d756aab2824a609126b705d26b4a6fd4f
SHA256

9ddc2c80a6c3d53e17431f871d472efd7d328285d5acd9a7288797487f7451f9
SHA512

c3c58805f6837ffacc8aea20a8554585688c332457f177502bee4f551802399d9459125240a1d8553a6bf322531b75cc657e26307ae6641cf396ef9039d6a482
SSDEEP

24576:34aQgYjVEbQeT+p2OqwBIf/AjwEaJSuB34UOGX7LXmW2a/DFXfv:3vKexOkYsyy34YmJabFXfv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ddc2c80a6c3d53e17431f871d472efd7d328285d5acd9a7288797487f7451f9

Files

9ddc2c80a6c3d53e17431f871d472efd7d328285d5acd9a7288797487f7451f9
.dll windows:4 windows x86

322883533d475162bfca2605158dca62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

ws2_32

WSAStartup
inet_ntoa
ntohs
gethostname
WSACleanup
connect
htons
inet_addr

kernel32

lstrcpyA
lstrlenA
MultiByteToWideChar
GlobalAlloc
SetLastError
lstrcatA
GetVersion
CreateThread
DeleteCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
HeapCreate
GetVersionExA
GetCurrentProcess
GetLastError
WriteFile
GlobalLock
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
HeapAlloc
InitializeCriticalSection
RtlMoveMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
LocalSize
GetModuleHandleA
LoadLibraryA
GetProcAddress
LCMapStringA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetCommandLineA
DeleteFileA
SetFileAttributesA
GetFileSize
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetTickCount
Sleep
IsBadReadPtr
HeapFree
HeapReAlloc
ExitProcess
GetProcessHeap
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
LocalFree

user32

GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
UnregisterClassA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetDC
ReleaseDC
GetClassNameA
SendMessageA
GetWindowRect
GetSystemMetrics
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RestoreDC
SaveDC
CreateBitmap
GetObjectA
GetStockObject
GetDeviceCaps
SelectObject
DeleteDC
SetBkColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteObject

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
RegOpenKeyExA

gdiplus

GdiplusStartup

iphlpapi

GetAdaptersInfo

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

msvcrt

strncpy

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Exports

Exports

_U3D_Free
_U3D_GenerateGlobalSerial
_U3D_Initialize
_U3D_LoadTexsure

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

322883533d475162bfca2605158dca62

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

gdiplus

iphlpapi

winspool.drv

comctl32

msvcrt

psapi

shell32

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 336KB

.vmp Size: 860KB - Virtual size: 860KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.vmp Size: 4KB - Virtual size: 4KB

.text
Size: 336KB - Virtual size: 336KB

.vmp
Size: 860KB - Virtual size: 860KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.vmp
Size: 4KB - Virtual size: 4KB