f89c7b155340510c091d716bc54d9946

Sharing

Copy URL Twitter E-mail

General

Target

f89c7b155340510c091d716bc54d9946
Size

208KB
MD5

f89c7b155340510c091d716bc54d9946
SHA1

ae441b86f959995706770fc5134b819830c0003c
SHA256

fc68cedc28f3e7cb266bb22c4eab56fbdc266930bd56bab894e91f0c48b281a7
SHA512

6f52d7498e6bb69e1667bac47d581c9f8ac1fe1ebefe4776f460bdeb779f7d2c7f27d11a0a6c493729c633f15a6587d4f729c1adde2d296578c6f0ce6704e4c1
SSDEEP

6144:L1TyRICfzZQVG5zLD45eEhIv5KTBIUBuTyEHVa:LQRvfzZQVCHD4kEW5KTCGu2EE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f89c7b155340510c091d716bc54d9946

Files

f89c7b155340510c091d716bc54d9946
.dll windows:6 windows x86 arch:x86

ecea502ae8d6b6cf637b892f3a6b808d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

shlwapi

SHDeleteKeyA

kernel32

HeapAlloc
GetLocalTime
CreateFileMappingA
GetProcessHeap
MapViewOfFile
LocalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalSize
OutputDebugStringA
CreatePipe
GetStartupInfoA
TerminateProcess
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
lstrcmpiA
QueryDosDeviceA
K32GetProcessImageFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
CreateMutexA
SetErrorMode
OpenEventA
ReleaseMutex
FreeConsole
FlushFileBuffers
HeapSize
SetStdHandle
SetFilePointerEx
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
HeapFree
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileType
GetStdHandle
HeapReAlloc
LCMapStringW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
MoveFileExA
GetTickCount
GetSystemDirectoryA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
SetLastError
GetModuleFileNameA
CreateDirectoryA
GetDiskFreeSpaceExA
WriteConsoleW
CreateProcessA
LocalReAlloc
RemoveDirectoryA
GetFileSize
LocalFree
GetLogicalDriveStringsA
DeleteFileA
CreateFileA
GetFileAttributesA
GetLastError
LocalAlloc
GetVolumeInformationA
FindClose
SetFilePointer
FindNextFileA
GetDriveTypeA
WriteFile
FindFirstFileA
MoveFileA
ReadFile
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
lstrcatA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
EnterCriticalSection
ResetEvent
lstrcpyA
Sleep
CancelIo
ResumeThread
CreateThread
WaitForSingleObject
SetEvent
CloseHandle
TerminateThread
CreateEventA
GetConsoleCP
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetConsoleMode
DecodePointer
UnmapViewOfFile
CreateFileW
GetCPInfo

user32

SetWindowsHookExA
GetKeyNameTextA
GetActiveWindow
CallNextHookEx
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
wsprintfA
SetCapture
WindowFromPoint
UnhookWindowsHookEx
keybd_event
MapVirtualKeyA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
GetSystemMetrics
GetCursorInfo
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowTextA
mouse_event
ReleaseDC
SetRect
CharNextA
GetDC
SetCursorPos
GetThreadDesktop
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CreateWindowExA
GetUserObjectInformationA
SetThreadDesktop
ExitWindowsEx
CloseDesktop
OpenDesktopA
OpenInputDesktop
InternalGetWindowText
IsWindow
ShowWindow
PostMessageA
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetDesktopWindow

gdi32

CreateDIBSection
SelectObject
DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
QueryServiceConfigA
EnumServicesStatusA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueA

shell32

SHGetFileInfoA

winmm

waveInReset
waveOutWrite
waveInGetNumDevs
waveInOpen
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveInStop
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutClose

ws2_32

select
socket
ntohs
connect
recv
htons
setsockopt
WSAStartup
gethostbyname
closesocket
WSAIoctl
WSACleanup
gethostname
getsockname
send

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage
ICOpen
ICSeqCompressFrame
ICSeqCompressFrameStart

Exports

Exports

FirstRun
MainRun
ServiceMain
TestFun

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecea502ae8d6b6cf637b892f3a6b808d

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

imm32

avicap32

msvfw32

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 8KB - Virtual size: 8KB