01c416916824b9d4bb9af57ed7753ceb

Sharing

Copy URL

Twitter E-mail

General

Target

01c416916824b9d4bb9af57ed7753ceb
Size

108KB
MD5

01c416916824b9d4bb9af57ed7753ceb
SHA1

beee45af13be9e05564d318de3fe4d5aeb57a699
SHA256

506f6257a658823208866d3ac7cf1a1077b3ef6355a39f46db4781e7525873b4
SHA512

af7b9e3aeb3149b17b236e05ff2f991ae538fbe42dca6cc09bd1c1a777309307da6561cd709dd2a1aa8e8431cb3182d93c6d0dfc46efdf517e18ec0a6f5a1907
SSDEEP

1536:ZfYUGuXa2lNTj+v6ZTOeLtjvz40MblaWxI1rIwOReXJPI6NTlO0:xYUGu/nJOgxvztyaWirIwyeXJg6NZh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c416916824b9d4bb9af57ed7753ceb

Files

01c416916824b9d4bb9af57ed7753ceb
.dll windows:4 windows x86 arch:x86

24e738e8215d8150860ac1752a005e6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetCurrentProcess
MoveFileExA
TerminateThread
CreateThread
AllocConsole
WaitForSingleObject
WideCharToMultiByte
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
FileTimeToSystemTime
Thread32Next
Thread32First
GetWindowsDirectoryA
TerminateProcess
FindNextFileA
GetFileSize
GlobalFree
GlobalAlloc
GetStartupInfoW
GetStartupInfoA
CreatePipe
GetEnvironmentVariableA
DeviceIoControl
GetVolumeInformationA
GetDiskFreeSpaceExA
SearchPathA
ExpandEnvironmentStringsA
GetTempPathA
DuplicateHandle
GetLogicalDriveStringsA
GetDriveTypeA
CreateEventA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetCurrentThreadId
OutputDebugStringA
GetTickCount
GetSystemTime
lstrcmpA
GetLocaleInfoA
lstrcpyA
lstrcatA
Sleep
ReadFile
GetLastError
WriteFile
SetEndOfFile
GetVersionExA
QueryDosDeviceA
SetFilePointer
CreateProcessA
MoveFileA
CreateDirectoryA
FindFirstFileA
PeekNamedPipe
FindClose
GetSystemDirectoryA
GetFileAttributesA
GetModuleHandleA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime

user32

GetThreadDesktop
GetProcessWindowStation
ExitWindowsEx
GetWindowTextA
GetWindowTextLengthA
OpenWindowStationA
GetAsyncKeyState
GetKeyState
GetSystemMetrics
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
CharUpperA
GetForegroundWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateDCA

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidA
RevertToSelf
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
ImpersonateLoggedOnUser
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
QueryServiceStatus
CreateProcessWithLogonW
LogonUserA
RegEnumKeyExA
RegDeleteKeyA

shell32

SHFileOperationA

msvcrt

rename
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
printf
wcscmp
_strupr
wcslen
atoi
_local_unwind2
strncat
time
srand
rand
strchr
_except_handler3
_CxxThrowException
??2@YAPAXI@Z
strstr
??3@YAXPAX@Z
malloc
free
_open
_read
_write
_close
_lseek
remove
_tempnam
sprintf
strncpy
strrchr
__CxxFrameHandler

netapi32

NetApiBufferFree
NetShareEnum
NetUserEnum

ws2_32

gethostbyname
inet_addr
htons
WSACleanup
WSAStartup
WSCEnumProtocols
inet_ntoa
WSAIoctl

iphlpapi

GetNetworkParams
GetAdaptersInfo

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

EnumProcessModules
GetModuleFileNameExA

ntdll

_itoa
_strcmpi

wininet

HttpAddRequestHeadersA
InternetSetOptionA
InternetQueryDataAvailable
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryA
DestroyEnvironmentBlock

Exports

Exports

MainRun
ServiceMain

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24e738e8215d8150860ac1752a005e6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

netapi32

ws2_32

iphlpapi

version

psapi

ntdll

wininet

userenv

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 42KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 42KB

.reloc
Size: 8KB - Virtual size: 7KB