Static task
static1
Behavioral task
behavioral1
Sample
33ddaa2ec12841a0fc21dd21ffbf8990.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
33ddaa2ec12841a0fc21dd21ffbf8990.dll
Resource
win10v2004-20231215-en
General
Target
33ddaa2ec12841a0fc21dd21ffbf8990
Size
78KB
MD5
33ddaa2ec12841a0fc21dd21ffbf8990
SHA1
800c546ebac5ac17a976b5ebf135691ba41f0e5f
SHA256
4f1b9edef705c7186cff8ea5a283c445f8cdd88ca1491200b5f8fa7686c1aab2
SHA512
5fc9db7fd1abbe1912096aeaa2dc005a122c6544da4b226f9f504604550dd5e836ca7e85eff3b2ae8e4178a7a4c9032d7a9e953c93d7819f9dae7c1248110a17
SSDEEP
1536:bI935LvzwAhHY/aq6glrzuQ627tZxYH5hGKEfQ9NtzXwH8nYGTDG:bI935LvzTNq6uzDjxY2KKQ9NxXwH8nY5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 33ddaa2ec12841a0fc21dd21ffbf8990
Files
33ddaa2ec12841a0fc21dd21ffbf8990.dll windows:5 windows x86 arch:x86
c60549710fc29bc41f76c0bfb9c01e90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ioctlsocket
select
WSAGetLastError
closesocket
socket
shutdown
__WSAFDIsSet
inet_addr
sendto
connect
htons
recv
send
gethostbyname
WSAStartup
psapi
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
urlmon
ObtainUserAgentString
kernel32
CreateProcessA
IsBadWritePtr
GetLastError
GetProcAddress
GetTempFileNameA
LoadLibraryA
DeleteCriticalSection
GetVersionExA
CloseHandle
GetTempPathA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleExA
SetEvent
Sleep
CreateEventA
ResetEvent
GetModuleFileNameA
OpenProcess
GetTickCount
VirtualProtect
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
CopyFileA
SetFileAttributesA
OpenEventA
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushInstructionCache
SetNamedPipeHandleState
WaitForMultipleObjects
InitializeCriticalSection
WriteFile
WaitForSingleObject
FreeLibrary
CreateFileA
lstrcpyA
lstrcmpiA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpynA
CreateEventW
lstrcmpA
GetComputerNameExA
GetLocalTime
MultiByteToWideChar
lstrlenW
lstrcatW
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcess
CreateThread
CreateNamedPipeA
advapi32
CryptExportKey
CryptAcquireContextW
RegOpenKeyA
InitializeSecurityDescriptor
RegDeleteValueA
RegSetValueExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
CryptReleaseContext
CryptGetHashParam
CryptImportKey
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt
wininet
InternetTimeFromSystemTimeA
InternetOpenW
InternetCrackUrlW
InternetReadFile
HttpAddRequestHeadersA
HttpSendRequestW
HttpOpenRequestW
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectW
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
dnsapi
DnsFree
DnsQuery_A
ole32
OleInitialize
CoCreateInstance
OleUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
Exports
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ