4980b216a21b74403db8c4cd96a0c2ec

Sharing

Copy URL Twitter E-mail

General

Target

4980b216a21b74403db8c4cd96a0c2ec
Size

186KB
MD5

4980b216a21b74403db8c4cd96a0c2ec
SHA1

882861abae464a75002dfa882eb6498f0032d48f
SHA256

7facdb9d0ba4e5a5f4cb9d5b5d8520372e749f741628580c84972f757c840800
SHA512

949d9fa75085dfe3406a100d6b3613fa504aa915a99ea664a3ed30798b8b14d2ee0c7b27d4e1f6324cd0d1245ba34d39d6d05ccb773dfc48fefb232553a60c5a
SSDEEP

3072:ekG7mSrZsl/tHWZ4wvNypTCFLVYKReiaBrPfC+zwhkQ421bCKx2hZw7cMwwNEHiQ:RGZ1u2Z4CNyib0xPa+z/Wbxx2hZmcMtX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4980b216a21b74403db8c4cd96a0c2ec

Files

4980b216a21b74403db8c4cd96a0c2ec
.dll windows:5 windows x86 arch:x86

3a3e3c2cb1ae22efeb1bf56d7f814c91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SheSetCurDrive
SHUpdateRecycleBinIcon
SHGetFolderPathW

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

CheckTokenMembership
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
OpenProcessToken
InitializeAcl
GetUserNameW
AddAccessDeniedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetLengthSid

kernel32

WriteFile
WriteProcessMemory
_lcreat
lstrcmpiW
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
SetCommMask
CancelIo
ClearCommError
CloseHandle
ConnectNamedPipe
ContinueDebugEvent
ConvertThreadToFiber
CreateDirectoryW
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateNamedPipeW
CreateRemoteThread
CreateSemaphoreA
CreateThread
DebugActiveProcess
DebugBreak
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FreeLibrary
GetCommMask
GetCommModemStatus
GetCommState
GetCommTimeouts
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileSize
GetFileSizeEx
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessTimes
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetThreadTimes
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
OpenEventW
OpenFileMappingW
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadFile
ReadProcessMemory
ReleaseSemaphore
ResetEvent
ResumeThread
RtlUnwind
WaitForDebugEvent
SetCommState
SetCommTimeouts
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetLastError
SetThreadContext
SetUnhandledExceptionFilter
SetupComm
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TerminateThread
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
WaitCommEvent
WaitNamedPipeW

msvcrt

_CIfmod
_XcptFilter
__CxxFrameHandler
__RTCastToVoid
__dllonexit
__doserrno
_amsg_exit
_cscanf
_errno
_fileno
_flushall
_hypot
_initterm
_iob
_isatty
_itoa
_itow
_lock
_lseeki64
_onexit
_open_osfhandle
_purecall
_snprintf
_snwprintf
_spawnlp
_strlwr
_strnicmp
_unlock
_vsnprintf
_vsnwprintf
_wcsdup
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wctime
_wfopen
_write
_wsetlocale
_wtmpnam
_wtol
atoi
atol
calloc
ctime
fclose
feof
fgets
fgetws
fprintf
free
frexp
fseek
isprint
isspace
iswalnum
iswalpha
iswdigit
iswspace
iswupper
iswxdigit
ldexp
localeconv
malloc
memcpy
memmove
memset
printf
qsort
realloc
strchr
strncat
strncmp
strrchr
strstr
strtoul
swscanf
time
towlower
towupper
wcschr
wcsncmp
wcsncpy
wcsrchr
wcsstr
wcstoul
wctomb

Exports

Exports

AGetReport
DeleteTempFileOnShutdown
GetLogInfo
MessageBoxInst
OpenDatabase

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a3e3c2cb1ae22efeb1bf56d7f814c91

Headers

DLL Characteristics

File Characteristics

Imports

shell32

version

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 12KB