9c1a85f587879a484596be7cf2e054cb8aa03786eef90cc0bf10b51d187c6b9f

Sharing

Copy URL Twitter E-mail

General

Target

9c1a85f587879a484596be7cf2e054cb8aa03786eef90cc0bf10b51d187c6b9f
Size

1.7MB
MD5

48c2c621247ca7915f387f5fc49845d7
SHA1

b3be634d5d3b632f6c8125eae2ba9279512dace5
SHA256

9c1a85f587879a484596be7cf2e054cb8aa03786eef90cc0bf10b51d187c6b9f
SHA512

63387581e8b76f58658ff8ea3f0ccdf0772cdfaa1a7b618cc1221c31ecec9c39a4511b63d649ed6b4b502c2cfbb4f3a7d3eb2b097d6a1f9a56a7b6da3429bc10
SSDEEP

24576:U7Cyb95ZPpp7g7vnKKx+jyGYIXyEqC4pWQuk6YEIYM3mB8RAoAN3r0Bm03Ooc8dy:Yx95xppc7vXGYIqCTWYMpmoADJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c1a85f587879a484596be7cf2e054cb8aa03786eef90cc0bf10b51d187c6b9f

Files

9c1a85f587879a484596be7cf2e054cb8aa03786eef90cc0bf10b51d187c6b9f
.dll windows:5 windows x86

b76f1059fb3adbb21284e30926e71474

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
socket
WSACreateEvent
WSACloseEvent
recv
connect
bind
WSACleanup
WSAEventSelect
WSAResetEvent
WSAStartup
getaddrinfo
freeaddrinfo
getsockname
WSAAddressToStringA
WSASetLastError
WSAStringToAddressA
shutdown
inet_ntoa
gethostbyname
WSAGetLastError
closesocket
send
setsockopt
WSAIoctl
htons
ntohs
gethostname

iphlpapi

GetIfTable
GetAdaptersInfo

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
ExitThread
EncodePointer
UnhandledExceptionFilter
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
GetExitCodeProcess
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetACP
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
LoadLibraryW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
HeapSize
GetStringTypeW
CreateFileW
CreateEventA
VirtualFree
VirtualAlloc
Sleep
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetFileSize
GetLastError
lstrlenA
lstrcpyA
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetTickCount
GetSystemDirectoryA
GetModuleFileNameA
MultiByteToWideChar
LocalFree
LocalSize
LocalAlloc
WinExec
CreateProcessA
lstrcatA
ExpandEnvironmentStringsA
GetCurrentProcessId
ReadFile
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
ExitProcess
DeleteFileA
GetFileAttributesA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
CreateThread
GetSystemInfo
GlobalMemoryStatusEx
WaitForSingleObject
ReleaseMutex
CreateMutexA
GetPrivateProfileIntA
GetCommandLineA
GetCurrentThreadId
GetLocalTime
IsDebuggerPresent
HeapReAlloc
VirtualProtect
HeapFree
GetProcessHeap
HeapAlloc
ResetEvent
SetEvent
QueryPerformanceCounter
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpiA
CreateDirectoryA
CreateFileMappingA
InterlockedDecrement
InterlockedCompareExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapDestroy
InterlockedIncrement
WideCharToMultiByte
GetModuleHandleA
MapViewOfFileEx
SwitchToThread
UnmapViewOfFile
RtlUnwind
GetModuleHandleW
DecodePointer

user32

ChangeDisplaySettingsA
GetSystemMetrics
EnumChildWindows
GetWindowTextA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
GetClassNameA
FindWindowExA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SendMessageA
MessageBoxA
ExitWindowsEx
wsprintfA
DispatchMessageA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shell32

ShellExecuteA
SHGetSpecialFolderPathA

oleaut32

VariantClear
VariantInit

shlwapi

StrPBrkA
StrChrA

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeGetTime

Exports

Exports

Thread
shisanfeng

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b76f1059fb3adbb21284e30926e71474

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

advapi32

kernel32

user32

ole32

shell32

oleaut32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB