d9bc9c8da0432d45f913d5578a5d601081442cbfa1d9b6e2b186333bb895a81c

Sharing

Copy URL

Twitter E-mail

General

Target

d9bc9c8da0432d45f913d5578a5d601081442cbfa1d9b6e2b186333bb895a81c
Size

344KB
MD5

2b622c2fcc62091a17811bf6b9fdc20b
SHA1

aab7078b5a5c2c1dd4f989673caa310cdd1947a2
SHA256

d9bc9c8da0432d45f913d5578a5d601081442cbfa1d9b6e2b186333bb895a81c
SHA512

717c1ae7f2bc88ac97f05c46f72836237e99ee1744af214f2ecc7da8cb7e7de383f26728d1ea92a4f1f8e62ac16cfa97427e6852c05a66aeeeb38c579cc58ad1
SSDEEP

3072:hDk4l5AyObaLOBoz2WR+pFgcSfSYNxn10yn7Uj+38Nf:hDk4l5Ay+lW4pF0aYNxGyn7j34f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9bc9c8da0432d45f913d5578a5d601081442cbfa1d9b6e2b186333bb895a81c

Files

d9bc9c8da0432d45f913d5578a5d601081442cbfa1d9b6e2b186333bb895a81c
.dll windows:4 windows x86

1162b662da5c2ab68a7c236894d8979a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord858
ord5710
ord535
ord356
ord941
ord4129
ord2764
ord2915
ord2777
ord939
ord2818
ord4202
ord859
ord5683
ord823
ord825
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord537
ord1182
ord1577
ord1168
ord1575
ord1176
ord353
ord3318
ord5442
ord1979
ord665
ord861
ord4204
ord6662
ord4278
ord6283
ord6282
ord6569
ord6648
ord4058
ord924
ord2781
ord3178
ord3181
ord6877
ord1980
ord2770
ord668
ord860
ord540
ord802
ord542
ord800
ord940
ord1116

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_EH_prolog
strtok
_ftol
_iob
fflush
_mbsrchr
time
srand
_initterm
memcpy
atoi
strlen
sprintf
memset
free
malloc
strcat
strcpy
_mbsicmp
rand
toupper
wcslen
_adjust_fdiv
??1type_info@@UAE@XZ
_mbscmp
__CxxFrameHandler
printf

kernel32

GetProcAddress
LocalAlloc
GetComputerNameA
lstrlenA
GetTempPathA
Sleep
CreateProcessA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
lstrcatA
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
SetFileAttributesA
GetDiskFreeSpaceA
DeleteFileA
MoveFileA
WaitForSingleObject
SetFilePointer
WriteFile
FormatMessageA
LocalFree
lstrcmpiA
CreateDirectoryA
CopyFileA
CreateFileA
AreFileApisANSI
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
GetLogicalDriveStringsA
GetDriveTypeA
SetVolumeMountPointA
GetLastError
CloseHandle
SetPriorityClass
GetFileAttributesA
GetModuleHandleA
OutputDebugStringA
GetCurrentProcess

user32

FindWindowA
GetWindowThreadProcessId

advapi32

LsaClose
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegLoadKeyA
RegUnLoadKeyA
RegQueryInfoKeyA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
LsaOpenPolicy
LookupPrivilegeValueA
LsaFreeMemory
LsaNtStatusToWinError
LsaEnumerateAccountRights
LookupAccountNameA

shell32

SHChangeNotify
ShellExecuteA
SHGetFileInfoA

ole32

CoInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

shlwapi

SHDeleteKeyA
PathFileExistsA

netapi32

NetUserGetLocalGroups
NetUserEnum
NetUserGetInfo
NetApiBufferFree

Exports

Exports

FCB_RunDll

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1162b662da5c2ab68a7c236894d8979a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp60

shlwapi

netapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 260KB - Virtual size: 270KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 260KB - Virtual size: 270KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB