155255c9dd1a1efe5a1fc41017fcf680

Sharing

Copy URL Twitter E-mail

General

Target

155255c9dd1a1efe5a1fc41017fcf680
Size

60KB
MD5

155255c9dd1a1efe5a1fc41017fcf680
SHA1

09e5c04734609fea1653d5e49a51506601014116
SHA256

c6f68032850675556ccfaecb33e77ef3d221bfacec737287b4967f86ddf3eac7
SHA512

2ac3b85d054ff1caaeaaf35bec5e1d53ee06780e439d65b0d79fc1254576aeacc5b2e4b01531814c14e315d36ca57a6f6978afd47980974d61b66f836eecf497
SSDEEP

768:mE0IIc3zYevA414pKx+Gq6TEi9zzoAG1spGuTzzpTT9NA3gMjz+O4XhYOfU:Fbr0KA4OpKx+t6TEqGoSF3+O4XhY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
155255c9dd1a1efe5a1fc41017fcf680

Files

155255c9dd1a1efe5a1fc41017fcf680
.dll windows:4 windows x86 arch:x86

417c45e4a8fcca606f9cf5b2048c964b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetTickCount
DeleteFileA
CloseHandle
ReadFile
GetFileSize
CreateFileA
SystemTimeToFileTime
GetLocalTime
WriteFile
GetFileAttributesA
lstrcatA
lstrcpyA
CreateThread
LocalFree
FormatMessageA
GetLastError
ResetEvent
WaitForSingleObject
SetEvent
WaitNamedPipeA
lstrlenA
OpenEventA
SetLastError
MoveFileExA
GetTempFileNameA
GlobalAddAtomA
CreateEventA
CreateNamedPipeA
GlobalDeleteAtom
SetFileTime
TerminateProcess
CreateProcessA
GetVersion
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
lstrcpynA
GetConsoleTitleA
GetTempPathA
FindAtomA
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
GlobalFindAtomA
ExitProcess

advapi32

SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
GetUserNameA
InitializeSecurityDescriptor

urlmon

URLDownloadToFileA

user32

wsprintfA
IsWindowVisible
GetClassLongA
wvsprintfA
CharUpperA
GetCursor
GetDC

msvcrt

memset
strcmp
strlen
strcpy
memcpy
atol
_ftol
_ltoa
_EH_prolog
__CxxFrameHandler

rasapi32

RasEnumConnectionsA

shell32

SHGetSpecialFolderPathA

Exports

Exports

MGB
MGO

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

417c45e4a8fcca606f9cf5b2048c964b

Headers

File Characteristics

Imports

kernel32

advapi32

urlmon

user32

msvcrt

rasapi32

shell32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB