afa8e8da09db0a38e36a3d3ae6077476

Sharing

Copy URL Twitter E-mail

General

Target

afa8e8da09db0a38e36a3d3ae6077476
Size

105KB
MD5

afa8e8da09db0a38e36a3d3ae6077476
SHA1

387c3b0820ee072e63d4c475da2885cc83082b80
SHA256

da0cab1d818c7dca13d7abbef2e9d840b92bf1f12ef14b24a5fa5f7fad3f1614
SHA512

1a0b382a472ea43ca2db8d16113379fb66f65d146119a6f7569a33c234222d153e2ae12d9afdeead4a30dc1235a72af3e51625e591b8a30b81395bfab95f05b9
SSDEEP

1536:BqUmgGAPhUeHSsu0joZmOB/BtG9z8vcYzi73PHAS77gih/3WklS9ncobUfsjPZwF:4UmgGAyeFFKO1rp/xlSrnZwxl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afa8e8da09db0a38e36a3d3ae6077476

Files

afa8e8da09db0a38e36a3d3ae6077476
.dll windows:6 windows x86 arch:x86

aad3527fa559abed3cf2a5f4e6690178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord14
ord19
ord29
ord41
ord42
ord149

wsock32

ord1115
ord1114
MigrateWinsockConfiguration
ord1140
WSAAsyncGetHostByAddr
ord1107
WSAUnhookBlockingHook
accept
ord1103
ord1105

pdh

PdhEnumObjectsA
PdhLookupPerfNameByIndexW
PdhSetCounterScaleFactor
PdhValidatePathW
PdhVbGetCounterPathElements

mscms

CreateColorTransformA
CreateMultiProfileTransform
EnumColorProfilesA
GetCMMInfo
GetColorProfileFromHandle
OpenColorProfileA
SetColorProfileElement
SetStandardColorSpaceProfileA

mapi32

ord195
ord14
ord62
ord147
ord8

wininet

FindNextUrlCacheEntryExA
FtpDeleteFileA
FtpPutFileW
GetUrlCacheConfigInfoW
HttpEndRequestA
InternetShowSecurityInfoByURL
SetUrlCacheEntryGroup

kernel32

CloseHandle
CreateFileMappingW
CreateFileW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
EnumSystemCodePagesW
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MapViewOfFile
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RtlUnwind
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

qxpeid

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aad3527fa559abed3cf2a5f4e6690178

Headers

File Characteristics

Imports

msi

wsock32

pdh

mscms

mapi32

wininet

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 424B

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 424B