_DllMain@12
Static task
static1
Behavioral task
behavioral1
Sample
07a63fd69cdd2ece2a78e6f8e04a9523.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
07a63fd69cdd2ece2a78e6f8e04a9523.dll
Resource
win10v2004-20231215-en
General
-
Target
07a63fd69cdd2ece2a78e6f8e04a9523
-
Size
26KB
-
MD5
07a63fd69cdd2ece2a78e6f8e04a9523
-
SHA1
5c94763bfd741010f40d96f95af226f7eb74abcb
-
SHA256
0ec43cb1236221e47e01481d70d4d0214ed3d6c3ccf63c2a26804a491321df7e
-
SHA512
57fdd26d2ac69494a32c99a9788e1b99b53461e01addc54a11631057e564a5ec858ccc239be5d5a46c0f1b4e203ca956135e320547d88530198cdfb4bf0f74be
-
SSDEEP
384:RKAmmjPfGjJyqXru+U/ltTelgGlAaTcaiGA5SnZTDvnOXg2AJnAso2k/Csv4T9+:6mjuLXC+oTe+aTewDGg2A9Iqsv3
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flagged because the PE file has no Authenticode signature, so its publisher and integrity cannot be verified from a signature.
resource 07a63fd69cdd2ece2a78e6f8e04a9523
Files
-
07a63fd69cdd2ece2a78e6f8e04a9523.dll windows:4 windows x86 arch:x86
056b23d95a1a03e049dc1d485b2faaa3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
CreateEventA
LoadLibraryA
GetModuleHandleA
ResetEvent
WaitForSingleObject
FreeLibraryAndExitThread
SetThreadPriority
GetCurrentThread
ReleaseMutex
FreeLibrary
GetCurrentProcessId
SetEvent
CreateMutexA
CreateThread
GetModuleFileNameA
DisableThreadLibraryCalls
InitializeSListHead
InterlockedPushEntrySList
GetTempPathA
InterlockedCompareExchange
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
VirtualQuery
GetSystemInfo
GetProcAddress
GetPrivateProfileStringA
GetCurrentProcess
WriteFile
CreateFileA
GetShortPathNameA
GetTempFileNameA
WinExec
CreateFileMappingA
Sleep
DeleteFileA
OpenEventA
MapViewOfFile
UnmapViewOfFile
CloseHandle
InterlockedPopEntrySList
user32
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
RegisterClassA
CreateWindowExA
UpdateWindow
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExA
EnumDesktopWindows
CallNextHookEx
advapi32
RegCreateKeyExA
RegEnumValueA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegDeleteValueA
RegCloseKey
msvcp60
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
wininet
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpSendRequestA
urlmon
URLDownloadToFileA
ws2_32
setsockopt
WSACleanup
closesocket
msvcrt
memmove
_mbsinc
abs
memcmp
_ismbcspace
__dllonexit
_onexit
_initterm
_adjust_fdiv
_mbsnbicmp
_mbsicmp
malloc
free
strcpy
_mbscmp
time
_mbsupr
_ismbcprint
_snprintf
memset
_mbsrchr
_local_unwind2
_except_handler3
_EH_prolog
__CxxFrameHandler
sprintf
fopen
memcpy
??2@YAPAXI@Z
_memicmp
fclose
strcat
_mbsstr
_mbsnbcpy
atoi
_mbstok
strlen
fgets
netapi32
Netbios
Exports
Exports
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (with IMAGE_SCN_MEM_EXECUTE above, the .text section is both writable and executable)
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ