2bc2f576b40945ec77aeb7015d2b89ab

Sharing

Copy URL

Twitter E-mail

General

Target

2bc2f576b40945ec77aeb7015d2b89ab
Size

745KB
MD5

2bc2f576b40945ec77aeb7015d2b89ab
SHA1

00c3beb029cccb59dab8b1527599af5b1ec8e12a
SHA256

27ddbb4da308073f18d8945f389a19d4d85a6ab02a50dbf68e8dd33297e62a40
SHA512

38b4c91223c185efc10371bb2d44d1882d12b696d669e256f60bd85881d5acf28704f5cbe402344ebc9478375c19e70b7eaca622cc45b88208e96ffd3792d5ae
SSDEEP

12288:L2PiYoyrcK4tMrWdH0u9VkEItiWPj0GgPALBnGWTwVvRl7:L29N4pbwEIEWPYHPcBnBTwV77

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bc2f576b40945ec77aeb7015d2b89ab

Files

2bc2f576b40945ec77aeb7015d2b89ab
.dll windows:4 windows x86 arch:x86

aa757ea838e64a6cc6a1bca781d7de4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
FreeLibrary
GetWindowsDirectoryA
GetComputerNameA
GetLocalTime
GlobalMemoryStatus
GetVolumeInformationA
FindVolumeClose
OpenProcess
CreateToolhelp32Snapshot
Module32First
SetLastError
GetModuleFileNameA
GetCurrentProcess
FlushConsoleInputBuffer
GetCurrentProcessId
MultiByteToWideChar
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
CreateMutexA
ReleaseMutex
GetSystemTime
GetTickCount
LocalAlloc
LocalFree
Heap32ListFirst
Thread32Next
Heap32ListNext
Process32Next
Process32First
VirtualFreeEx
TerminateProcess
Module32Next
Thread32First
Toolhelp32ReadProcessMemory
SystemTimeToFileTime
CompareFileTime
ExpandEnvironmentStringsA
ResetEvent
RemoveDirectoryA
GetLastError
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindClose
FindNextFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
GetStartupInfoA
CloseHandle
CreateProcessA
FindFirstVolumeA

user32

GetDC
ReleaseDC
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
SetCursorPos
OpenInputDesktop
GetUserObjectInformationA
OpenDesktopA
SetThreadDesktop
CloseDesktop
mouse_event
PostMessageA
wsprintfA
ExitWindowsEx
MessageBoxA

gdi32

SelectObject
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
DeleteService
StartServiceA
QueryServiceStatus
ChangeServiceConfig2A
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
RegSaveKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyA

ws2_32

WSASetLastError
shutdown
inet_addr
gethostbyname
closesocket
htonl
htons
socket
connect
ntohl
select
WSACleanup
WSAStartup
send
recv
WSAGetLastError

ntdll

tolower
isspace
isdigit
_strnicmp
_aulldiv
_aullrem
isxdigit
isupper
sscanf
_alloca_probe
strstr
atoi
_itoa
strcmp
strcat
memcpy
_allmul
_alldiv
memset
strncmp
strcpy
strlen
wcsstr
strtoul
qsort
_stricmp
_wcsnicmp
strncpy
memcmp
_vsnprintf
wcstombs
strncat
strchr
ceil
_ftol
_aullshr
sprintf
memmove
RtlUnwind
_chkstk

msvcrt

_errno
fprintf
_mbsrchr
_CxxThrowException
ftell
_mbscmp
malloc
_EH_prolog
__CxxFrameHandler
free
_beginthreadex
fopen
fread
fseek
fwrite
fclose
_mbsnbcat
fflush
fputc
_iob
signal
_getch
fputs
gmtime
_stat
fgets
_setmode
_wfopen
vfprintf
getenv
raise
_exit
realloc
time
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_fdopen

netapi32

Netbios

Exports

Exports

RundllInstall
RundllUninstall
ServiceInstall
ServiceMain
UnServiceInstall

Sections

.text
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa757ea838e64a6cc6a1bca781d7de4a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

ntdll

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 534KB - Virtual size: 534KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 14KB - Virtual size: 22KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 534KB - Virtual size: 534KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 14KB - Virtual size: 22KB

.reloc
Size: 33KB - Virtual size: 33KB