2effcc96d2e5bac957c3276c363a10d2

Sharing

Copy URL Twitter E-mail

General

Target

2effcc96d2e5bac957c3276c363a10d2
Size

52KB
MD5

2effcc96d2e5bac957c3276c363a10d2
SHA1

f1a0b8743fd81ee1de78328b56c26638ff16edd3
SHA256

715d472f1c3772d862422316ae23aee2760ddf420f272d0907720fd43069325c
SHA512

0bb837650d8c60ad805b88bcd5ce963faa383d718ef3e5e240f736eef7b0ff9711e1fce546467bbb26f7bb3ff0aac664adc538bd9ee6236e2e225627bcbf2405
SSDEEP

768:ZuLBr6nmO/r5v0hoJDG2EPsQjMAxFJHTF90C1swj5zi9nreIE6H7LYH:Z8arp0kDG5ZNbak+9nrTHvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2effcc96d2e5bac957c3276c363a10d2

Files

2effcc96d2e5bac957c3276c363a10d2
.dll windows:4 windows x86 arch:x86

0151da1dbcf32d32f38d4233a0d24382

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

SetTcpEntry
GetTcpTable

psapi

EnumProcessModules
GetModuleFileNameExA

ws2_32

listen
setsockopt
connect
accept
send
socket
inet_addr
htons
bind
WSAIoctl
closesocket
recv
gethostname
gethostbyname
inet_ntoa
WSACleanup
WSAStartup
select

advapi32

OpenServiceA
QueryServiceStatus
StartServiceA
ControlService
DeleteService
ChangeServiceConfigA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
OpenEventLogA
ClearEventLogA
CloseEventLog
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

kernel32

GetStartupInfoA
CreatePipe
ReadFile
PeekNamedPipe
WriteFile
DisconnectNamedPipe
WaitForMultipleObjects
TerminateThread
GetSystemDirectoryA
FindFirstFileA
VirtualAlloc
GetFileSize
GetDiskFreeSpaceExA
GetDriveTypeA
GetSystemDefaultLangID
GetTickCount
GlobalMemoryStatus
MultiByteToWideChar
GlobalFree
SetFileTime
FindClose
CreateThread
DeleteFileA
Sleep
GetModuleFileNameA
GetSystemTime
GetTempPathA
CloseHandle
GetLastError
GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
ExitThread
WaitForSingleObject
WinExec
CreateProcessA
GetFileTime
CreateFileA
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
OpenProcess
GetComputerNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
Module32Next
Module32First

user32

ExitWindowsEx

gdi32

GetDeviceCaps
CreateDCA
DeleteDC

urlmon

URLDownloadToFileA

netapi32

NetUserDel
NetUserEnum
NetApiBufferFree

msvcrt

strncpy
wcstombs
strncat
_except_handler3
strncmp
fclose
fprintf
fopen
printf
sprintf
strchr
free
malloc
atoi
strstr
_strupr
_snprintf
_strnicmp
_stricmp
_wcsicmp

Exports

Exports

Install
InstallService
Remove
RemoveService
ServiceMain
SetNew
SetNewString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0151da1dbcf32d32f38d4233a0d24382

Headers

File Characteristics

Imports

iphlpapi

psapi

ws2_32

advapi32

kernel32

user32

gdi32

urlmon

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 3KB