ce76d4c081607fbd752716108d3c8284

Sharing

Copy URL Twitter E-mail

General

Target

ce76d4c081607fbd752716108d3c8284
Size

418KB
MD5

ce76d4c081607fbd752716108d3c8284
SHA1

3ffc03fd63484be1f4129d0a221e9d52c92a0db9
SHA256

cf3c98b249e89259aa094d6f340201f4400f76eabea7624ed95059d73700801f
SHA512

3a15c129f5cd111ac3816d04b4076fc0bddce604e9607a25d5a98bb06448ae7e87bfa9f0c73ea193290210d8209b6a58694608ea970b593be23337829530af4f
SSDEEP

6144:tZI2nk+s6o/jpRQ+Vt7o8Eaq3hpwVlFMqRJdH9s:ta2nk+sJrg+VBo8yhpwVUKJdH9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce76d4c081607fbd752716108d3c8284

Files

ce76d4c081607fbd752716108d3c8284
.dll windows:5 windows x86 arch:x86

94a9dc14d9ee2ba4c0bbef8efcdcb116

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptMsgUpdate
CryptMsgOpenToDecode

kernel32

GetModuleHandleA
WideCharToMultiByte
HeapSetInformation
BackupSeek
DeleteFileA
LocalFree
TerminateProcess
IsDBCSLeadByteEx
GetACP
GetConsoleOutputCP
SetEvent
FreeLibrary
lstrlenW
GetProcessHeap
GetProcAddress
WaitForSingleObject
WaitCommEvent
LoadLibraryW
CreateFileW
GetStringTypeW
VirtualFree
GetStartupInfoA
CreateDirectoryExA
TlsSetValue
InterlockedPopEntrySList
ExitProcess
LeaveCriticalSection
GetLastError
CloseHandle
MultiByteToWideChar
CreateDirectoryW
BackupRead
GetPrivateProfileStringA
SetFilePointer
TlsGetValue
CreateFileMappingW
LocalAlloc
EnterCriticalSection
CopyFileExA
GetModuleHandleExW
CreateFileMappingA
GetSystemTimeAsFileTime
WriteFile
lstrlenA
HeapFree
HeapAlloc
CreateEventW
GetCurrentProcess
AddAtomW
GetCommandLineW
LocalLock
DeleteFileW
Sleep
GetCurrentThreadId

user32

DestroyIcon
ShowOwnedPopups
PtInRect
DdeCreateStringHandleW
ToAscii
GetParent
GetWindowRgnBox
GetCapture
SendDlgItemMessageA
MoveWindow
CharNextW
GetLastActivePopup
CloseDesktop
IsIconic
OpenDesktopW
RedrawWindow
SendMessageA
BringWindowToTop
CharNextA
WinHelpA
DestroyMenu
GetDlgItemTextA
SetRectEmpty
IsRectEmpty
wsprintfA
GetDlgItem
GetWindow
SetDlgItemTextA

msvcrt

_amsg_exit
_vsnwprintf
_wcsdup
_cexit
_ismbblead
isspace
_wgetenv
exit

advapi32

ConvertSidToStringSidW
LookupAccountSidW
GetLengthSid

Exports

Exports

ExtrenumDown
ServiceMain
empty
peek
pop
push
reduction2
state10
state2
state4
state5
state6
state7
state8
testMain

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94a9dc14d9ee2ba4c0bbef8efcdcb116

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 13KB - Virtual size: 24KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 11KB - Virtual size: 11KB