5b129cace979b001e9471169f72afb25

General

Target

5b129cace979b001e9471169f72afb25
Size

40KB
MD5

5b129cace979b001e9471169f72afb25
SHA1

72b729f4933fc79d53ef48c785be1723a2f752f0
SHA256

cb60ac16a400028dde72266391b7c0f2f132dd9321bbadd669cdd34953fd4075
SHA512

7536cd9014e5676ec8c43df97b7e9a9599e094ee04f511086f275ba8121b24b0f06c0a933f78a8da1a9fd929a8a9640ff252eeb3368df9213b7169bf55ee26b0
SSDEEP

768:4D/hCiL/vRJiVM0GO7s+ZRR7IEEAHM2djqK1n:47vviOmUEpxP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b129cace979b001e9471169f72afb25

Files

5b129cace979b001e9471169f72afb25
.dll windows:4 windows x86 arch:x86

3b25a308eaea5de740bbd649039c9f09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
WaitForMultipleObjects
GetDriveTypeA
GetLogicalDriveStringsA
CloseHandle
WriteFile
GetFileSize
SetFilePointer
IsBadReadPtr
VirtualAlloc
Sleep
GetCurrentProcessId
CreateThread
UnmapViewOfFile
MapViewOfFile
InitializeCriticalSection
GetLastError
LeaveCriticalSection
VirtualFree
EnterCriticalSection
ReadFile
GlobalFree
GlobalLock
ExitProcess
SetEvent
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalSize
GetCurrentProcess
ResumeThread
SuspendThread
WaitForSingleObject
ResetEvent
InterlockedIncrement
SetThreadPriority
TerminateThread

msvcrt

strlen
atol
strchr
_except_handler3
strstr
memcmp
strcpy
memcpy
memset
sprintf
strcat
strrchr
free
realloc
wcslen
wcscmp
malloc
rand
_strlwr
_strcmpi
_ltoa

ws2_32

inet_addr
socket
recv
closesocket
shutdown
WSAStartup
connect
send
htons

Exports

Exports

Init
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode
Monitor

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b25a308eaea5de740bbd649039c9f09

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 1KB