064fc83a51b5557077a23b8ad7d86403

Sharing

Copy URL

Twitter E-mail

General

Target

064fc83a51b5557077a23b8ad7d86403
Size

296KB
MD5

064fc83a51b5557077a23b8ad7d86403
SHA1

f94e904d21f36f4949e256698337a2546368d75d
SHA256

848046da7d813061921bb14222106fb0f000a463219ec8b7cfa9048e5909db89
SHA512

e20cd67db625c02dfa805dd8d623828e3e63dcca0fb408e847ff1575de63278cb22365ced22abebb0b458281c581389001f54e501f7ea58fa72f4c016f93ff91
SSDEEP

6144:ypHsgpZW327GhcmegyPYK+H1vIu001TBjvgMPA3q:yiuZwhcMdK/u001Tlg8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
064fc83a51b5557077a23b8ad7d86403

Files

064fc83a51b5557077a23b8ad7d86403
.dll windows:4 windows x86 arch:x86

4130e859ec0c6bdcb1985c3e6b1385d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_addr
WSAStartup

advapi32

RegisterServiceCtrlHandlerA
DeleteService
CloseServiceHandle
QueryServiceStatus
ControlService
StartServiceA
CreateProcessAsUserA
CreateServiceA
RegCreateKeyA
RegOpenKeyA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
SetServiceStatus
OpenSCManagerA
OpenServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetClassLongA
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
PostQuitMessage
CharUpperA
GetCapture
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
CharLowerBuffW
GetWindowPlacement
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
GetSystemMetrics
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
SendMessageA
GetWindowThreadProcessId
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorA
UnregisterClassA
GetWindowTextA
ValidateRect
PeekMessageA
GetKeyState
DispatchMessageA
CallNextHookEx
SetWindowsHookExA
SetWindowTextA
PtInRect
GetClassNameA
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
GetFocus
GetDlgItem
IsWindow
SetWindowLongA
SetWindowPos
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

kernel32

FindClose
FindFirstFileA
GetProcAddress
GetModuleHandleA
InterlockedDecrement
GetFileAttributesA
GetFileSize
MoveFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFree
lstrcmpA
GlobalFlags
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
HeapReAlloc
VirtualAlloc
GetCommandLineA
RtlUnwind
RaiseException
SetStdHandle
GetFileType
HeapSize
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
GetStdHandle
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
lstrlenA
CompareStringA
WideCharToMultiByte
GetVersion
CompareStringW
HeapFree
GetProcessHeap
HeapAlloc
WriteProcessMemory
VirtualQueryEx
GetCurrentProcess
ReadProcessMemory
WaitForSingleObject
CloseHandle
CreateDirectoryA
DeleteFileA
TerminateThread
CreateThread
GetPrivateProfileStringA
OpenProcess
TerminateProcess
MultiByteToWideChar
Process32Next
GetLastError
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetTickCount
SetFileTime
Sleep
GetModuleFileNameA
GetFileTime
CreateFileA
GetSystemDirectoryA
SetLastError
CreateProcessA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedCompareExchange
GlobalGetAtomNameA

gdi32

GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

SHGetFolderPathA

shlwapi

UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear

wininet

InternetCrackUrlA
InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetQueryDataAvailable
InternetQueryOptionA

Exports

Exports

InstallService
RundllInstall
RundllUninstall
ServiceMain
UninstallService

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4130e859ec0c6bdcb1985c3e6b1385d9

Headers

File Characteristics

Imports

ws2_32

advapi32

user32

psapi

kernel32

gdi32

comdlg32

winspool.drv

shell32

shlwapi

oleaut32

wininet

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 193KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 28KB - Virtual size: 24KB