4b9859f459ea6e823907dc124f47620a

Sharing

Copy URL

Twitter E-mail

General

Target

4b9859f459ea6e823907dc124f47620a
Size

144KB
MD5

4b9859f459ea6e823907dc124f47620a
SHA1

3304fed8fb8bee6e64f1f583e55b390284c7f953
SHA256

47cff82a82bc56c6df09399d1a8daf05d997c0696d693359a7c7fe616754014b
SHA512

aec705744eabd785f178f2bfd488dbc419bc1c7b45b61e74b4b08b2071ccb965cfc912014ff67b1c2f0ad22cc73fe2dd4e0dc559b62dd9cdf3bf6b325325bf57
SSDEEP

3072:+VKwMCY/bzuZpbfmpVKxgsIRZzGGijqEulGeG3z9N4:+VKwtY/mvqV5/jXijhulGeG3z34

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b9859f459ea6e823907dc124f47620a

Files

4b9859f459ea6e823907dc124f47620a
.dll windows:4 windows x86 arch:x86

3f7572a2b7c10e58f735d30b832db72d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
LoadLibraryA
GetModuleHandleA
GetCommandLineA
WriteFile
GetVolumeInformationA
CreateFileMappingA
CreateDirectoryA
CreateProcessA
GetProcAddress
TerminateProcess
GlobalFree
GetTickCount
InterlockedCompareExchange
CreateEventA
HeapAlloc
InterlockedDecrement
GlobalAlloc
OpenFileMappingA
GetLastError
WriteProcessMemory
GetProcessHeap
GetComputerNameA
WaitForSingleObject
GetCurrentProcess
HeapFree
SetLastError
CreateMutexW
GetModuleFileNameA
CreateFileA
ExitProcess
CopyFileA
OpenEventA
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
LocalFree
Sleep
ReadProcessMemory
MapViewOfFile
CloseHandle

ole32

OleCreate
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
OleSetContainedObject
CoTaskMemAlloc
CoSetProxyBlanket

user32

GetWindow
FindWindowA
GetMessageA
RegisterWindowMessageA
CreateWindowExA
DestroyWindow
DispatchMessageA
GetWindowThreadProcessId
GetSystemMetrics
ScreenToClient
ClientToScreen
GetClassNameA
DefWindowProcA
SetWindowsHookExA
SendMessageA
PeekMessageA
TranslateMessage
PostQuitMessage
GetParent
GetWindowLongA
GetCursorPos
SetTimer
UnhookWindowsHookEx
SetWindowLongA
KillTimer

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
RegDeleteKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA

Exports

Exports

MSNEventLite

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dqcdzn
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f7572a2b7c10e58f735d30b832db72d

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 992B

dqcdzn Size: 4KB - Virtual size: 12B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 992B

dqcdzn
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 6KB