69c7cf447877cfb28448eaea14238e32

Sharing

Copy URL Twitter E-mail

General

Target

69c7cf447877cfb28448eaea14238e32
Size

44KB
MD5

69c7cf447877cfb28448eaea14238e32
SHA1

f8e1205acdb2a7bbf4201c869faf36e9e7254650
SHA256

23d5903f5251ddc6aac101fa67b1d245361605cff49716a8286968ebe93a1d0d
SHA512

eee2f6881c8c2ee6fac630f7b4e203a6800e981f89626dc312749b8d2187d1ce3e75fe693974bb8efdfcbc7b1fa9a70ac2cc1103d81a46a7d36b122d870143c9
SSDEEP

384:/Qi3bUN2ix8+uAcMMkYYgjh8wyRZYvcaSKpe/9sYsBOETaPbuABRsuYq6Fuc10g:Yi3bUNSAAgrtl2Sbohuzg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69c7cf447877cfb28448eaea14238e32

Files

69c7cf447877cfb28448eaea14238e32
.dll windows:4 windows x86 arch:x86

c31e10b087dde397a0693df3dc7b9562

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
memmove
_initterm
free
difftime
atoi
_strupr
strstr
sprintf
srand
sscanf
??3@YAXPAX@Z
??2@YAPAXI@Z
_lseek
_close
_write
_read
_open
time
localtime
strftime
rand

kernel32

lstrlenA
GetFileSize
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetLastError
GetExitCodeProcess
TerminateProcess
WinExec
WriteFile
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetSystemDirectoryA
DeleteFileA
LocalFree
CloseHandle
ReadFile
CreateFileA
LocalAlloc
CreateThread
GetTickCount
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
FindNextFileA
FindClose
FindFirstFileA
SetCurrentDirectoryA
Sleep

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ws2_32

gethostbyaddr
inet_addr
WSAStartup
gethostbyname
htons
connect
recv
getsockname
inet_ntoa
send
closesocket
socket

wininet

InternetConnectA
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
FtpPutFileA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Exports

Exports

_DllMain@12
load

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Oreloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.neolit
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c31e10b087dde397a0693df3dc7b9562

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

Oreloc Size: 4KB - Virtual size: 4KB

.neolit Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

Oreloc
Size: 4KB - Virtual size: 4KB

.neolit
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 8KB