40b682dfe508a86d251c8498dd88d290

Sharing

Copy URL

Twitter E-mail

General

Target

40b682dfe508a86d251c8498dd88d290
Size

28KB
MD5

40b682dfe508a86d251c8498dd88d290
SHA1

cbe9ca8b6519278828f5fa1a7ee35b80a1cc0298
SHA256

9976e6e76b37fe19f5ad8fba890a5b3b924d4c8962f7cbf8602db1fc163e7ebf
SHA512

bf6e580e5b1ebcf1527cf2eff862eb7072a5f9089f2111748aeb96347531c15de0f92acd0081cc427e2e79a279a1b74e77ca953d32cd942844f3f2ad075754f3
SSDEEP

768:bO2t2IZwfmxPuq4gEPijpdWxiDt8g654oDJ4NYLTZL:bOsBZqGmn7rxUP6TDJ4NY1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b682dfe508a86d251c8498dd88d290

Files

40b682dfe508a86d251c8498dd88d290
.dll windows:4 windows x86 arch:x86

bb06aabafb776f9d5ca11b6d08c55a0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpyA
lstrlenA
GetShortPathNameA
CreateDirectoryA
Sleep
CreateFileA
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
GetLastError
GetSystemDirectoryA
ReadFile
SetFilePointer
SetFileTime
WriteFile
ExitThread
FindNextFileA
GetComputerNameA
GetDateFormatA
GetTimeFormatA
GetProcessHeap
HeapAlloc
HeapFree
CreateMutexA
ReleaseMutex
lstrcatA
ResetEvent
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
CreateProcessA
FormatMessageA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetExitCodeProcess
LocalFree
MoveFileA
SetCurrentDirectoryA
GlobalLock
GlobalUnlock
GetSystemTime
GetSystemTimeAsFileTime
CreateFileMappingA
DuplicateHandle
ExitProcess
GetCurrentProcess
GetThreadContext
MapViewOfFile
RemoveDirectoryA
ResumeThread
CloseHandle
WriteProcessMemory
HeapReAlloc
GetModuleHandleA
GetModuleFileNameA
GetCurrentThreadId
DeleteFileA
CreateThread
CreateEventA
GetVersionExA
lstrcmpA
SetThreadContext

user32

DispatchMessageA
PeekMessageA
OpenClipboard
PostQuitMessage
TranslateMessage
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
UnhookWindowsHookEx
GetKeyboardState
GetForegroundWindow
GetAsyncKeyState
CallNextHookEx
MessageBoxA
GetWindowTextA
PostThreadMessageA
GetMessageA
wsprintfA
ToAscii
SetWindowsHookExA
SetTimer

shell32

ShellExecuteA

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeEx

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
RegQueryValueA

wininet

InternetFindNextFileA
FtpCreateDirectoryA
FtpGetCurrentDirectoryA
FtpGetFileA
FtpSetCurrentDirectoryA
InternetConnectA
InternetOpenA
FtpFindFirstFileA
FtpPutFileA
InternetWriteFile
InternetCloseHandle
InternetGetConnectedState
FtpOpenFileA

wsock32

gethostname
gethostbyname
WSAStartup

oleaut32

SysFreeString
SysStringLen

Exports

Exports

GetUserProfile
InstallUserProfile
SetUserProfile

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared_s
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb06aabafb776f9d5ca11b6d08c55a0e

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

advapi32

wininet

wsock32

oleaut32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 12KB

shared_s Size: 512B - Virtual size: 284B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 12KB

shared_s
Size: 512B - Virtual size: 284B

.reloc
Size: 1KB - Virtual size: 1KB