1ebedeb44aa4f42692e0c4b701867f8b

Sharing

Copy URL Twitter E-mail

General

Target

1ebedeb44aa4f42692e0c4b701867f8b
Size

82KB
MD5

1ebedeb44aa4f42692e0c4b701867f8b
SHA1

6eb4f1a25f6776c660ae80e9dce0399a15542db4
SHA256

47c2c9be5dfb0e7965ae2a3aab5b303e7a8645e377d02997e70fa59c735abc7a
SHA512

fd4bbccd678db22f223e776c2e8612ad3000eb59329bab23648c3b1cbf193cd75a2bb343fdb05d23698b5ff3649cf4db624710e23105f8f0388ff0cee6bbad8c
SSDEEP

1536:eInZzfN6jYeoTkEwmt/fO5gr/2zm1q63G5DrxP5FnToIfJOzChDHUnZdPpDE4:eeq0lKmTG5DrxBtTBfkzIHUnZdPpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ebedeb44aa4f42692e0c4b701867f8b

Files

1ebedeb44aa4f42692e0c4b701867f8b
.dll regsvr32 windows:4 windows x86 arch:x86

ef5ff47c7933f07d75daf6933da76728

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ReadFile
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
CloseHandle
CreatePipe
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
CopyFileA
MoveFileA
GetCurrentProcess
WinExec
lstrcpyA
lstrlenA
SetLastError
Process32Next
GetPriorityClass
OpenProcess
Module32First
Process32First
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
HeapAlloc
GetProcessHeap
lstrcatA
MultiByteToWideChar
GetTickCount
MoveFileExA
WaitForSingleObject
CreateThread
lstrcpynA
GetModuleFileNameA
SetThreadPriority
GetCurrentThread
GetFileSize
CreateFileA
WriteFile
FreeConsole
ExitThread
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
InterlockedExchange
GetCurrentThreadId
RaiseException
LocalAlloc

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msvcrt

rand
memcpy
memset
strncat
strcat
strcpy
sprintf
strncpy
strcmp
strlen
??2@YAPAXI@Z
strstr
__CxxFrameHandler
_CxxThrowException
_except_handler3
strchr
atoi
strcspn
_strlwr
srand
??3@YAXPAX@Z
_ftol
wcstombs
printf
malloc
??1type_info@@UAE@XZ
free
_initterm
_adjust_fdiv
_strnicmp

Exports

Exports

DllRegisterServer
Install
RundllInstall
RundllUninstall
StartRouter
yunguo

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef5ff47c7933f07d75daf6933da76728

Headers

File Characteristics

Imports

kernel32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB