6684c995e587c726c84adec7572a81c3

Sharing

Copy URL Twitter E-mail

General

Target

6684c995e587c726c84adec7572a81c3
Size

112KB
MD5

6684c995e587c726c84adec7572a81c3
SHA1

2c9bfc42cd7d8cdeb1397a935af75af723ed29c8
SHA256

24b45a1e2bd5bf04a99bca8eb9ce62233677989470cbfff97e72cceb896edfb4
SHA512

35ea70a7997dd8de876a5b8f9124f688d056469b2863147afd67fd09579319b2d5fc14e70a1a931aa44675763313b18fb773a262256e970550a471e0415e0045
SSDEEP

3072:8XEOQyMfvpRMSNdhu3VwdfSMV1UPot0/ldd4Z5:80OQywjNd8C4MzS//ldd4Z5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6684c995e587c726c84adec7572a81c3

Files

6684c995e587c726c84adec7572a81c3
.dll windows:4 windows x86 arch:x86

9a5d790fe0770ed34ae6e093f0d04aad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_beginthreadex
wcstombs
realloc
strncat
wcscpy
_errno
strncmp
_snprintf
atoi
strncpy
strrchr
strcat
_except_handler3
calloc
strcmp
strcpy
malloc
strchr
memcmp
??2@YAPAXI@Z
memset
__CxxFrameHandler
strstr
strlen
_ftol
ceil
memmove
memcpy
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
free
_strcmpi
_strupr
_strnicmp
_strnset
_strrev
??3@YAXPAX@Z

kernel32

DeleteFileA
OpenEventA
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
WaitForSingleObject
GetFileAttributesA
GetTickCount
MoveFileExA
CreateEventA
TerminateThread
GetLocalTime
OpenProcess
CreateRemoteThread
DeviceIoControl
GetVersion
GetCurrentProcess
ExitProcess
GetSystemDirectoryA
SetLastError
GetModuleFileNameA
Sleep
WriteFile
SetFilePointer
ReadFile
GetFileSize
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
GetProcAddress
LoadLibraryA
DeleteCriticalSection
EnterCriticalSection
VirtualAlloc
FreeLibrary
CloseHandle
lstrcpyA
SetEvent
InterlockedExchange
lstrlenA
lstrcatA
MultiByteToWideChar
GetVersionExA
RaiseException
GetLastError
CreateDirectoryA
GetDriveTypeA
FindClose

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

netapi32

NetLocalGroupAddMembers
NetUserAdd

Exports

Exports

ClamAV
DrWeb
Ewido
eSafe
hhacknet

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a5d790fe0770ed34ae6e093f0d04aad

Headers

File Characteristics

Imports

msvcrt

kernel32

msvcp60

netapi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 6KB