30c2fe9756fc20c702f3c6e464e3272d

Sharing

Copy URL Twitter E-mail

General

Target

30c2fe9756fc20c702f3c6e464e3272d
Size

99KB
MD5

30c2fe9756fc20c702f3c6e464e3272d
SHA1

c64fa0791512bff681c35b8205171e4acca7b06c
SHA256

f00cccf79bd913f4735ea60a7e91c1b60b25a58dc44b3a84418d74a3f93a6943
SHA512

0cd2389d6e5e8add71e5110c51b00b5abbf12044356505eb8e90d76e75cf328b87e5548750f9ee78decc121c6bc6368109cff17067c676f77bd6da22684ef989
SSDEEP

1536:en9gg8qMBDf8wdAMFXzPcThyAaiAFLTp2DJ8rcZZb6hZxwN4CBhav0D/:e9gTqZwdNzUTbU/gDlZI8nt/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30c2fe9756fc20c702f3c6e464e3272d

Files

30c2fe9756fc20c702f3c6e464e3272d
.dll windows:5 windows x86 arch:x86

8b8792f45dc1fb45f041c73d8633e3fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_putwch
wcscpy
wcscspn
_wcsrev
_wcslwr
_wcserror
wcscat
_wcsicmp
wcschr
strcpy

kernel32

LockFile
GetProcessHeap
HeapDestroy
GetFileAttributesA
LocalReAlloc
GetLastError
LockFileEx
SetFileAttributesA
LockResource
LocalSize
CloseHandle
EnumResourceLanguagesW
LocalFree
SuspendThread
ResumeThread
LocalAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
UnlockFile
GetCommandLineA
SizeofResource
GetCurrentProcess
GetModuleHandleW
MulDiv
GetProcAddress
VirtualProtectEx
GetModuleHandleA
GetFileTime
GetSystemTime
FindResourceA
SystemTimeToFileTime
WaitForSingleObject
CompareFileTime

user32

OffsetRect
TranslateMessage
BeginPaint
SetParent
IsWindowEnabled
GetParent
DrawTextW
SetWindowRgn
EndPaint
IsCharAlphaNumericA
SetClipboardViewer
CloseWindow
GetClipboardViewer
CreateWindowExA
MessageBoxA
GetDC
DestroyWindow
GetWindowTextW
TranslateAcceleratorA
GetWindowRgn
DispatchMessageA
SwitchToThisWindow
ValidateRgn
CallWindowProcA
SetWindowTextW
SetMessageQueue
GetMessageTime
GetMessagePos
MoveWindow
GetWindowLongA
PeekMessageA
GetClassWord

gdi32

GetTextMetricsW
GetDCPenColor
DPtoLP
GetCharWidthA
SetDCPenColor
Chord
GetPixel
RestoreDC
UnrealizeObject
DeleteObject
CreateCompatibleDC
GetMetaRgn
SetTextAlign
GetObjectA

advapi32

ReadEventLogW
ReportEventA
GetOldestEventLogRecord
DeregisterEventSource
GetKernelObjectSecurity
OpenBackupEventLogW
OpenEventLogW
OpenEncryptedFileRawW
ReadEncryptedFileRaw
OpenThreadToken

Exports

Exports

_CalcValueIndex@16
_PostMsg_GetValue@4
_ReallocTable@4
_RetrieveValue@4
_UpdateValueTable@12

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GLOBAL
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STATIC
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORTS
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b8792f45dc1fb45f041c73d8633e3fe

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

GLOBAL Size: 512B - Virtual size: 184B

STATIC Size: 512B - Virtual size: 40B

IMPORTS Size: 3KB - Virtual size: 3KB

CONST Size: 1024B - Virtual size: 1KB

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 1024B - Virtual size: 840B

.text
Size: 11KB - Virtual size: 10KB

GLOBAL
Size: 512B - Virtual size: 184B

STATIC
Size: 512B - Virtual size: 40B

IMPORTS
Size: 3KB - Virtual size: 3KB

CONST
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 1024B - Virtual size: 840B