1ecceff22ba15beab95ad5a4b3404076

Sharing

Copy URL

Twitter E-mail

General

Target

1ecceff22ba15beab95ad5a4b3404076
Size

382KB
MD5

1ecceff22ba15beab95ad5a4b3404076
SHA1

94e79009ee1a1787564ec1580f0158f5b5269f56
SHA256

c6e84282fc9ecb1bb197791b87f2e0ef5bb38cd7fc107d5ae3654f2f7252ef21
SHA512

d468eccc3d7d2987b81263b766378ba62fd17e4597e07cccc13b137932075582933b5bf1f4fb8dc18652167e43085237aa40a9c1a803a440d821acac1850996a
SSDEEP

6144:7+774cbeknFyxto7NcVTPcxB7lIQA/xiZc:7+7EcJn4M6VTkxP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ecceff22ba15beab95ad5a4b3404076

Files

1ecceff22ba15beab95ad5a4b3404076
.dll windows:1 windows x86 arch:x86

ac928305643edd60b844b786e2984bb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
select
accept
send
sendto
setsockopt
socket
gethostbyaddr
gethostbyname
bind
gethostname
WSAAsyncSelect
closesocket
WSAGetLastError
WSAStartup
WSACleanup
connect
getsockname
WSASocketA
htonl

wininet

InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenUrlA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA

shell32

ShellExecuteA

netapi32

NetApiBufferFree
NetLocalGroupAddMembers
NetLocalGroupDelMembers
NetLocalGroupGetMembers
NetServerGetInfo
NetUserAdd
NetUserDel
NetUserEnum
NetUserSetInfo

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetDriveTypeA
GetEnvironmentStringsA
GetExitCodeThread
GetFileSize
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetTickCount
GetVersionExA
GlobalMemoryStatus
CopyFileA
HeapAlloc
HeapFree
LoadLibraryA
MapViewOfFile
MapViewOfFileEx
MoveFileA
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
CreateFileA
ReadFile
CreateFileMappingA
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQueryEx
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA

user32

MessageBoxA
ExitWindowsEx
wsprintfA

advapi32

EnumServicesStatusA
AdjustTokenPrivileges
GetSidSubAuthority
GetTokenInformation
GetUserNameA
ImpersonateLoggedOnUser
LogonUserA
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenEventLogA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ChangeServiceConfigA
RegisterServiceCtrlHandlerA
RevertToSelf
ClearEventLogA
SetServiceStatus
StartServiceA
CloseServiceHandle
ControlService
CreateProcessAsUserA
CreateServiceA
DeleteService
DuplicateTokenEx

crtdll

_fdopen
_getcwd
_mkdir
_open_osfhandle
rename
_rmdir
_sleep
_stricmp
_strnicmp
_strrev
_wcsicmp
atoi
atol
clock
exit
fclose
feof
fgets
fopen
fwrite
_cexit
malloc
memcpy
memset
printf
raise
rand
setbuf
_chdir
sprintf
srand
strcat
strchr
strcmp
strcpy
strncmp
strncpy
strrchr
strstr
strtok
wcstombs

Exports

Exports

Dfreefunc
GetFileMapLen
LibMain
ServiceHandler
ServiceMain
botstart

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac928305643edd60b844b786e2984bb3

Headers

File Characteristics

Imports

ws2_32

wininet

shell32

netapi32

mpr

kernel32

user32

advapi32

crtdll

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.bss Size: - Virtual size: 99KB

.data Size: 49KB - Virtual size: 49KB

.idata Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.edata Size: 192B - Virtual size: 192B

.text
Size: 70KB - Virtual size: 70KB

.bss
Size: - Virtual size: 99KB

.data
Size: 49KB - Virtual size: 49KB

.idata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB

.edata
Size: 192B - Virtual size: 192B