709ad9475db879ffd36a4b33bf736e9e

Sharing

Copy URL Twitter E-mail

General

Target

709ad9475db879ffd36a4b33bf736e9e
Size

144KB
MD5

709ad9475db879ffd36a4b33bf736e9e
SHA1

317db6b3a23710a2e27459be4e0bb4432e36eec4
SHA256

2fd82ed3bdadd81149dba4ddde79aca34aebfa7c7326b1ed2b8a86ede2973b2c
SHA512

4278b80a9722a5da23852e1c50da737855b89d359187bf98d086b733831ab7ae82ec4f45ba865a35d5646672b5e443e926199d3f54d8c6e1decc69c5a193546f
SSDEEP

1536:/JuHKiBHINxyU8PQ4lgJKZ2TC8A2bch2jmD8O/6cCg3OFNmtl1M+UhmLe1B:xuqiBZZY59mYOP3OFNmtrUhZB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
709ad9475db879ffd36a4b33bf736e9e

Files

709ad9475db879ffd36a4b33bf736e9e
.dll windows:4 windows x86 arch:x86

0deff7a7a3eed51690936d111d659651

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetCurrentThread
Beep
RtlMoveMemory
TerminateProcess
CreateProcessA
CreateWaitableTimerA
SetWaitableTimer
VirtualProtectEx
VirtualAllocEx
CreateFileMappingA
MapViewOfFile
VirtualFreeEx
UnmapViewOfFile
LoadLibraryA
CreateRemoteThread
WaitForSingleObject
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
lstrcpyn
GetModuleFileNameA
GetTickCount
GetPrivateProfileStringA
Sleep
GetVersionExA
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
GetOEMCP
ReadProcessMemory
VirtualQueryEx
MultiByteToWideChar
WriteProcessMemory
CreateThread
OpenProcess
GetCurrentProcess
VirtualProtect
CloseHandle
IsBadReadPtr
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
VirtualAlloc
RtlUnwind
GetCPInfo
GetACP

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
wvsprintfA
MsgWaitForMultipleObjects
GetGUIThreadInfo
GetWindowThreadProcessId
PostMessageA
GetForegroundWindow
CallWindowProcA
GetAsyncKeyState
SetTimer

advapi32

CryptDestroyHash
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

Exports

Exports

CALL_9999
ģ��_ca

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0deff7a7a3eed51690936d111d659651

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 71KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 71KB

.reloc
Size: 8KB - Virtual size: 5KB