6359e91180b699984ecd5c0ff4d68007520e2ecedb78e51c20e25698bafd79ee

Sharing

Copy URL Twitter E-mail

General

Target

6359e91180b699984ecd5c0ff4d68007520e2ecedb78e51c20e25698bafd79ee
Size

19KB
MD5

b46e21a76ab388468463ad83af99abc8
SHA1

db474a73c3f901a5effe36c37662b53c0bf43a7c
SHA256

6359e91180b699984ecd5c0ff4d68007520e2ecedb78e51c20e25698bafd79ee
SHA512

6c624d5b72bff569614ed8cac6a208830909383c0cd227294dce468d45e66fc3546311829aa57fb20bb19f00cf652a0a749870f124be59d15a02ed2ffc8b7462
SSDEEP

384:7wnKapTBqYUMhTld2AAQag7IcNt+bQBovK0vtzexWO1u/vnV:7mTj52A8g7Icz061MtqxWO18vnV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6359e91180b699984ecd5c0ff4d68007520e2ecedb78e51c20e25698bafd79ee

Files

6359e91180b699984ecd5c0ff4d68007520e2ecedb78e51c20e25698bafd79ee
.dll windows:5 windows x86 arch:x86

bbb1c91fad9dfb620b3f4e0b8cf22500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetVersionExA
GetVersion
ReadProcessMemory
GetCurrentProcess
OpenProcess
DeviceIoControl
DuplicateHandle
CreateEventA
GetCurrentProcessId
GetProcessHeap
CloseHandle
UnmapViewOfFile
GetCommandLineA
FreeLibrary
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

ws2_32

closesocket
getsockopt
getsockname
ntohs
socket

msvcr90

sprintf_s
strcpy_s
memcpy_s
qsort
memset
__CxxFrameHandler3
_stricmp
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??3@YAXPAX@Z
??2@YAPAXI@Z
strrchr
strncpy_s

Exports

Exports

??4CMPorts@@QAEAAV0@ABV0@@Z
QueryModuleObj
ReleaseObj

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbb1c91fad9dfb620b3f4e0b8cf22500

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

msvcr90

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1008B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 904B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1008B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 904B