709d12ba5f8310f2711126d09372b698

Sharing

Copy URL

Twitter E-mail

General

Target

709d12ba5f8310f2711126d09372b698
Size

139KB
MD5

709d12ba5f8310f2711126d09372b698
SHA1

0a05c9f0cbb3a21214c41733f8621a97a666682a
SHA256

6aff1e46b05d789f1e406c360bf527157ee4cb68c2786b0b469d4a7d47a1292a
SHA512

8261bb2db04cd6e546fbded2797fa465757e2fb64fe0456d013408247a54802151fd52a0722b8832244de9a66c6ceb73d7acbafbdbe94a9a6cba4bf0229ba2ea
SSDEEP

3072:+wEJPf4yD8744RgBo523/wjN7MRIQTvW+25IRP4HTJFbipT85EwCiBkuN0NNm6Wn:fQf4y47lgBnwjNwl25lHdFbipT8Cw+uD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
709d12ba5f8310f2711126d09372b698

Files

709d12ba5f8310f2711126d09372b698
.dll windows:4 windows x86 arch:x86

a0cf73b60f0a559a981e0ebad465d90a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
InterlockedCompareExchange
GlobalUnlock
GetSystemDirectoryA
WinExec
GetFileAttributesW
CreateFileA
GetFileSize
lstrcpyA
LoadLibraryA
GetProcAddress
GetPrivateProfileStringW
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
IsBadWritePtr
GlobalLock
LoadLibraryExW
lstrcatA
GetPrivateProfileStringA
ReleaseMutex
WaitForSingleObject
IsValidCodePage
WideCharToMultiByte
lstrcpyW
GetCurrentProcessId
LocalAlloc
CreateEventA
DuplicateHandle
GetComputerNameW
GetCurrentThread
lstrcpynW
lstrcmpW
InterlockedDecrement
FindResourceW
SizeofResource
MultiByteToWideChar
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetSystemDefaultLangID
FindResourceExW
LoadResource
LockResource
FreeLibrary
OutputDebugStringA
CloseHandle
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetLastError
FormatMessageA
LocalFree
GlobalFree
GetCommandLineA
GlobalAlloc
lstrcmpiA
VirtualProtect

user32

CharToOemA
GetParent
DestroyWindow
IsDialogMessageW
TranslateAcceleratorW
GetDlgCtrlID
GetFocus
GetWindowPlacement
SetWindowPlacement
GetWindowRect
SendMessageW
SetFocus
GetDlgItem
DestroyAcceleratorTable
PostMessageA
LoadStringA
ShowWindow
DefWindowProcA
wsprintfW
CharPrevW
GetNextDlgTabItem
GetDC
ReleaseDC
CharNextW
MessageBoxW

advapi32

ControlService
StartServiceA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
RegSetValueExA
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegQueryValueA
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA

gdi32

EnumFontFamiliesExW
CreateFontIndirectW
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CreateBindCtx
CreateGenericComposite
CreateItemMoniker
CoLockObjectExternal
CreateFileMoniker
OleLoadFromStream
GetRunningObjectTable
CreateAntiMoniker

rpcrt4

I_RpcMapWin32Status
RpcBindingFree
NdrClientCall2

msvcr71

printf
_iob
fflush
_adjust_fdiv
_callnewh
_CxxThrowException
memset
malloc
free
realloc
_errno
_unlock
__dllonexit
_lock
strstr
sprintf
wcslen
_wcsicmp
iswctype
bsearch
swscanf
_HUGE
rand
__CppXcptFilter
strchr
atoi
_read
_open
_lseek
_onexit
_amsg_exit
_initterm
exit
_vsnprintf
_stricmp
memmove
_except_handler3

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0cf73b60f0a559a981e0ebad465d90a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

msvcr71

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB