34babea5555271c13dc114530bf0723e

Sharing

Copy URL Twitter E-mail

General

Target

34babea5555271c13dc114530bf0723e
Size

106KB
MD5

34babea5555271c13dc114530bf0723e
SHA1

cbf316422d405dbee74ea43e969ce2b62313dbd5
SHA256

008c71f003909a4218080ce2e8e037deaa831c520bb5564f570de8121db4b6ab
SHA512

8e278955b7ae90f6e4579d5ad19543796e160b0fa55da39e9c30dd92548c44970f285550827e13c09e221dcde3338c5343a6bcd561aae8b0c326125a7d15e9b6
SSDEEP

3072:TBs76jp+w1CxO2nqVHC3U1v0+4TspLm5sbggf4zjYA:T++9B2nGZm+agLm5sbgS4H/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34babea5555271c13dc114530bf0723e

Files

34babea5555271c13dc114530bf0723e
.dll windows:4 windows x86 arch:x86

89fec9d27cac764f0b0f11643ac798f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_beginthreadex
realloc
strncat
exit
_errno
strncmp
strchr
_snprintf
atoi
strncpy
strcat
strrchr
malloc
free
strcmp
calloc
strcpy
memcmp
strstr
strlen
_ftol
ceil
memmove
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_strcmpi
_strupr
_strnicmp
_strrev
_stricmp
_strnset
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_except_handler3
memset

kernel32

GetCurrentThreadId
lstrcmpiA
LocalSize
SetUnhandledExceptionFilter
SetErrorMode
OpenEventA
ReleaseMutex
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringA
DeviceIoControl
PeekNamedPipe
TerminateProcess
CreatePipe
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RaiseException
GetTickCount
MoveFileExA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLocalTime
GetCurrentProcess
CreateEventA
CloseHandle
TerminateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
FreeLibrary
lstrcpyA
InterlockedExchange
CancelIo
GetFileAttributesA
OpenProcess
ExpandEnvironmentStringsA
lstrcatA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateProcessA
GetDiskFreeSpaceExA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
WriteFile
MoveFileA
SetFilePointer
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
Sleep

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorPos
GetCursorInfo
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
CloseDesktop
SetThreadDesktop
mouse_event
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
EnumWindows
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
MessageBoxA
DestroyCursor
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SystemParametersInfoA
OpenInputDesktop
BlockInput
ExitWindowsEx
CharNextA
wsprintfA
SetCursorPos

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvfw32

ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSeqCompressFrameEnd

Exports

Exports

CodeMain
Eternal
Go
Heart
On

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89fec9d27cac764f0b0f11643ac798f5

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

userenv

msvcp60

msvfw32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 11KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 11KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB