1a909bbd00929aa59d7c77e2126ac3ca

Sharing

Copy URL Twitter E-mail

General

Target

1a909bbd00929aa59d7c77e2126ac3ca
Size

8KB
MD5

1a909bbd00929aa59d7c77e2126ac3ca
SHA1

da5a392f89c9fa891d5bae30482458b196c020cd
SHA256

697c33b619083e1e3fcc866e635bfa94fff93b82bb5b56cf9415a32bc935fae6
SHA512

724ea82437aeeba10fbaceace58a70e302ad7b10cfcf560903c09e8f452f7724fae5fe61d47dc93bc9c77cf1d2d85a2ab1a8a2541e0625f2cfd07d030ec4490a
SSDEEP

96:SW8HW+Iz4NYJDm/NEoBGcXkV+D2/4GKhyf4HL8yGshC+8omxK65slZvx:Sr3Y5mjNkV7/4G5f4rvhCgmkqslZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a909bbd00929aa59d7c77e2126ac3ca

Files

1a909bbd00929aa59d7c77e2126ac3ca
.dll windows:6 windows x86 arch:x86

e2b65ca68a2c19f6b9756c1000ca6e19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

rewind
rename
remove
putc
getchar
fwrite
fseek
fread
fopen
fgetc
fclose
exit
strcmp

kernel32

ReadFile
GlobalFindAtomW
CreateSemaphoreW
EnumTimeFormatsW
lstrcatW
HeapAlloc
HeapCreate
DebugBreak
IsDebuggerPresent
GetTempPathW
ReplaceFile
GetFileSize
CreateFileW
SetCalendarInfoW
WriteConsoleA
ExitProcess
MulDiv
DeviceIoControl
GetFullPathNameW

urlmon

CoInternetCreateSecurityManager
GetClassFileOrMime
GetClassURL
UrlMkGetSessionOption
CoInternetCreateZoneManager
RevokeBindStatusCallback
ObtainUserAgentString

rpcrt4

RpcServerUseAllProtseqsIfEx
RpcSmSetThreadHandle
NdrConformantStructBufferSize
NdrServerUnmarshall
RpcAsyncGetCallStatus
NdrServerContextMarshall

mpr

WNetGetUserW
WNetGetUniversalNameA

wsock32

recvfrom
ord1106
getsockopt
shutdown
connect
WSAAsyncGetServByName
WSACancelAsyncRequest
htons
ord1130

ws2_32

WSAGetServiceClassNameByClassIdW
WSCDeinstallProvider
WSAAddressToStringW
WSAEnumNameSpaceProvidersA
WSAGetServiceClassNameByClassIdA
WSASendDisconnect

mscms

UnregisterCMMW
GetPS2ColorRenderingDictionary
RegisterCMMA
IsColorProfileTagPresent
SetStandardColorSpaceProfileW
GetColorProfileElementTag

winspool.drv

OpenPrinterW
FindFirstPrinterChangeNotification
EnumPrinterKeyA
ord203
EnumPrintersW

Exports

Exports

Hkcoedclxfkckdl
fsdfdgdfgdfgdfg
hjhjhfc
jhgjghjghjgh
opopiosfd
ugxsdfffg
uiuiuyibgf
yghgfhfdg

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2b65ca68a2c19f6b9756c1000ca6e19

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

urlmon

rpcrt4

mpr

wsock32

ws2_32

mscms

winspool.drv

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 110B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 110B

.rsrc
Size: 512B - Virtual size: 480B