114563a43b7be4e9a3200f251bc2f6b3

Sharing

Copy URL

Twitter E-mail

General

Target

114563a43b7be4e9a3200f251bc2f6b3
Size

148KB
MD5

114563a43b7be4e9a3200f251bc2f6b3
SHA1

464d0ecf00e7602448b8fe5cf0ffbe1e9e99f387
SHA256

77ebba4dcd2d24714cec1eae87fa71c6bd83471b0b091f53ce2d3e346be22c5b
SHA512

c1309ec19bd300359d7a1cfd7d25266716873fa96c634d0ac3719d5ff018703ca5eafc53518b4e2c226f36e5f95ce1ad8f8aefda4af7faea6719f54d465d7525
SSDEEP

3072:iaHYD2MikzyJ+sBGWwHQr2mZTBftTBp8H7gWbI6cDDenc0b:iaQ2MAMsElHQr7ZTBlTHMbIN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
114563a43b7be4e9a3200f251bc2f6b3

Files

114563a43b7be4e9a3200f251bc2f6b3
.dll windows:4 windows x86 arch:x86

c4c7a97308395c73ae7e2ff2a920e86d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fopen
_vsnprintf
strtok
??2@YAPAXI@Z
??3@YAXPAX@Z
exit
fputc
fwrite
memcmp
fread
_strnicmp
_getcwd
fseek
memcpy
fputs
_strtime
free
malloc
realloc
getenv
tolower
__CxxFrameHandler
strcmp
sprintf
_mktemp
atof
strlen
strcat
strstr
memset
_strdate
fclose
strcspn
strncpy
strcpy
__dllonexit
_onexit
_initterm
_adjust_fdiv
atoi
_strrev

kernel32

lstrlenA
CloseHandle
WaitForSingleObject
CreateThread
Sleep
SetFileAttributesA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetLastError
OpenMutexA
GetCurrentProcessId
GetModuleFileNameA
lstrcatA
lstrcpyA
HeapAlloc
GetProcessHeap
HeapFree
Process32Next
Process32First
InitializeCriticalSection
SetFileTime
GetFileTime
CreateFileA
FindClose
FindFirstFileA
SetLastError
FormatMessageA
LocalFree
GetLocalTime
FreeResource
WriteFile
LockResource
GetTempPathA
SizeofResource
FindResourceA
MoveFileExA
GetCurrentProcess
GetLongPathNameA
OpenProcess
GetVersion
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
RemoveDirectoryA
FindNextFileA
GetDriveTypeA
MoveFileA
GetFileSize
CopyFileA
GetSystemWindowsDirectoryA
MultiByteToWideChar
VirtualAlloc
ReadFile
GetModuleHandleA
VirtualFree
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetPriorityClass
TerminateProcess
Module32Next
Module32First
GetTickCount
SetFilePointer
CreateEventA
SetEvent
WaitForMultipleObjects
GlobalMemoryStatus
GetEnvironmentVariableA
GetStartupInfoA
CreatePipe
GetCurrentDirectoryA
DeviceIoControl
GlobalFree
LoadLibraryExA
GlobalAlloc
CreateMutexA
TerminateThread
GetVersionExA
lstrcmpiA
DeleteFileA
CreateProcessA
DeleteCriticalSection
LoadResource
CreateToolhelp32Snapshot

user32

GetActiveWindow
GetWindowTextA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SetCursorPos
mouse_event
GetCursorPos
PostMessageA
ExitWindowsEx
DefWindowProcA
SetTimer
PostQuitMessage
KillTimer
SendMessageA
IsWindow
DispatchMessageA
TranslateMessage
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
GetWindowLongA
EnumWindows
ShowWindow
ShowWindowAsync
SetForegroundWindow
AllowSetForegroundWindow
GetWindowThreadProcessId
BringWindowToTop
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
CloseWindowStation
SetThreadDesktop
wsprintfA
SetProcessWindowStation
GetSystemMetrics
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
GetMessageA
OpenWindowStationA
CloseDesktop

gdi32

CreateCompatibleDC
CreateDCA
CreateCompatibleBitmap
DeleteDC
GetDIBits
GetStockObject
SelectObject
DeleteObject
BitBlt

advapi32

LookupPrivilegeValueA
OpenProcessToken
DeleteService
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
GetUserNameA
EnumServicesStatusA
QueryServiceConfigA
ChangeServiceConfigA
StartServiceA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

shell32

ShellExecuteA

ws2_32

getsockname
sendto
recvfrom
gethostname
inet_ntoa
WSAEventSelect
WSAEnumNetworkEvents
inet_addr
bind
listen
socket
closesocket
shutdown
WSACleanup
WSAStartup
send
select
recv
ntohs
setsockopt
getsockopt
connect
ioctlsocket
htons
gethostbyname

sfc

SfcIsFileProtected

wininet

InternetQueryOptionA
FtpPutFileA
InternetCloseHandle
InternetConnectA
InternetOpenA
GetUrlCacheEntryInfoA

psapi

EnumProcessModules
GetModuleFileNameExA

urlmon

URLDownloadToFileA

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

iphlpapi

GetAdaptersInfo

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

winmm

waveInReset
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInStart
waveInClose
waveInOpen

Exports

Exports

Entry
GetCfg
InfectFile
InstallGina
InstallHook
ResetSSDT
SysIInit
UnHook
Uninstall
UninstallKeyLog

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4c7a97308395c73ae7e2ff2a920e86d

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

sfc

wininet

psapi

urlmon

imm32

iphlpapi

avicap32

winmm

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 5KB - Virtual size: 11KB

.sdata Size: 512B - Virtual size: 24B

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 5KB - Virtual size: 11KB

.sdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 5KB - Virtual size: 4KB