0fe8ae3cab77dc2e1e0f6bc47f9c94bc

Sharing

Copy URL

Twitter E-mail

General

Target

0fe8ae3cab77dc2e1e0f6bc47f9c94bc
Size

1.0MB
MD5

0fe8ae3cab77dc2e1e0f6bc47f9c94bc
SHA1

b9860b8b36735fc0b37472ef4de0b1510fbb61b0
SHA256

238fa968ea18bf8ee6737880083f39c3b239c91084bbf6dafa23eb050f31b3f9
SHA512

8818f1a60d192384059e084206f95cabb06b186422c1dd1904b9b47ef7e5ae07729eceb70908fb9c4a4102a3597faad19d47451e3962a259b2727eae45a3e28a
SSDEEP

24576:vPmUt5u2f8THLYM2UGGcOzDDqkB02DRbNRYilN3xa0vvw6xPrvuygaPkbDf59cMZ:HmKutTHLYMXrDuwprRYilN3xa0vvw6lT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0fe8ae3cab77dc2e1e0f6bc47f9c94bc

resource
0fe8ae3cab77dc2e1e0f6bc47f9c94bc

Files

0fe8ae3cab77dc2e1e0f6bc47f9c94bc
.dll windows:6 windows x86 arch:x86

02c91e33173f75e5148206517cd3d05e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationW
VirtualProtect
EnterCriticalSection
GetModuleFileNameW
InitializeCriticalSection
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
CreateEventW
FileTimeToLocalFileTime
OpenMutexW
CreateFileW
CloseHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapSize
SetStdHandle
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
EncodePointer
DecodePointer
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GetStringTypeW
CompareStringW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
HeapReAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW

ws2_32

WSACleanup
WSAWaitForMultipleEvents
WSAStartup
WSASocketW
WSAConnect
WSAAddressToStringW
WSACloseEvent

tapi32

lineHold
lineRedirectW
lineShutdown
lineOpenW
lineClose
lineInitializeExW
lineTranslateAddressW
lineAccept
lineTranslateDialogW

Exports

Exports

Every
HalfSilver
Misssheet
Pastour
Sleepeast
Totalget

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02c91e33173f75e5148206517cd3d05e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

tapi32

Exports

Exports

Sections

.text Size: 454KB - Virtual size: 453KB

.rdata Size: 596KB - Virtual size: 596KB

.data Size: 3KB - Virtual size: 646KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 454KB - Virtual size: 453KB

.rdata
Size: 596KB - Virtual size: 596KB

.data
Size: 3KB - Virtual size: 646KB

.reloc
Size: 7KB - Virtual size: 7KB