dll_run
Static task
static1
Behavioral task
behavioral1
Sample
c0883226b26120a7ae63f89b6bdb71efd9a5f0730c2a57d55c9557c7ed7a1500.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
c0883226b26120a7ae63f89b6bdb71efd9a5f0730c2a57d55c9557c7ed7a1500.dll
Resource
win10v2004-20231025-en
General
Target
c0883226b26120a7ae63f89b6bdb71efd9a5f0730c2a57d55c9557c7ed7a1500
Size
7.0MB
MD5
17deaefe34daac1c5cd419d04f82b3fa
SHA1
20c5a553c14543690c3b4b5ebb3a42dc7692a661
SHA256
c0883226b26120a7ae63f89b6bdb71efd9a5f0730c2a57d55c9557c7ed7a1500
SHA512
582eee356a5ffd3bc44d1e60676c6e1585e35204b3f27b564b6ea1b9705d01291e022bd556144ebdecc22ca829b9c6247b55f2983c13e79270f8f38bf1a1b71c
SSDEEP
98304:fRF1s/WjaxFTOyHTaxMXdlwT0yUVNlClAReedNEDwVczRMlXKW7NHo/OKG8:p2rxOyHTa+XfO8HlJRe2iDwV1d9oxG8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c0883226b26120a7ae63f89b6bdb71efd9a5f0730c2a57d55c9557c7ed7a1500
Files
c0883226b26120a7ae63f89b6bdb71efd9a5f0730c2a57d55c9557c7ed7a1500.dll windows:5 windows x86
cc2a1db16508329feefa7227fc4f7529
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
Sleep
CreateFileW
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcess
GetPrivateProfileStringA
GetModuleHandleA
CreateFileA
SetFileTime
WriteFile
GetFileAttributesA
GetFileAttributesW
ReadFile
lstrcatA
FindFirstFileA
lstrcmpiA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
GetNativeSystemInfo
InterlockedDecrement
LocalAlloc
InterlockedIncrement
LoadLibraryW
SetFilePointer
FreeResource
MapViewOfFile
FindResourceExW
FindResourceW
LoadResource
CreateProcessW
VerSetConditionMask
MoveFileExW
GetModuleHandleExW
CreateDirectoryW
WaitForSingleObject
ExpandEnvironmentStringsA
WideCharToMultiByte
SizeofResource
GetVersionExW
GetModuleFileNameW
GetSystemDirectoryA
MultiByteToWideChar
lstrlenW
FlushFileBuffers
GetTempPathW
VerifyVersionInfoW
CreateDirectoryA
CreateFileMappingA
LockResource
GetModuleFileNameA
WinExec
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
GetSystemDirectoryW
GetModuleHandleW
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
IsBadReadPtr
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
FreeLibrary
lstrcpyA
LocalFree
OutputDebugStringA
GetLastError
FormatMessageA
GetTickCount
OutputDebugStringW
CreateMutexW
lstrlenA
CompareStringW
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
SleepEx
InitializeCriticalSection
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
RtlUnwind
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
ExitProcess
HeapSize
IsProcessorFeaturePresent
HeapReAlloc
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
user32
MessageBoxA
wsprintfW
advapi32
ControlService
StartServiceW
CreateServiceA
OpenSCManagerW
DeleteService
CloseServiceHandle
OpenServiceA
RegSetValueExW
RegCreateKeyExW
SetNamedSecurityInfoA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RegOpenKeyExA
LookupPrivilegeValueW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegQueryValueExW
ole32
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
shlwapi
PathAddBackslashA
PathRemoveFileSpecA
PathRemoveExtensionA
PathAddExtensionA
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathFileExistsW
PathAppendA
PathAppendW
PathFindFileNameA
ws2_32
WSAGetLastError
recv
send
setsockopt
getsockname
ntohs
bind
htons
WSACleanup
getpeername
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket
gethostname
getsockopt
WSAStartup
Exports
Sections
.text Size: 294KB - Virtual size: 293KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 286KB - Virtual size: 294KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ