78f0f8f4313a760ba60807df84e099b7

Sharing

Copy URL Twitter E-mail

General

Target

78f0f8f4313a760ba60807df84e099b7
Size

44KB
MD5

78f0f8f4313a760ba60807df84e099b7
SHA1

d8bd3ac5d82570dbe97c0e83941b1e8b20c5c81a
SHA256

eb103cdafa2eeea075d49eb269bf3575f02d55da50400ffc5ed14625a0debd6f
SHA512

4ebb63de6349353d146eae315adc1c66879b04fe5d782c90e247917a49a62cc0083ee9512e72b8ee378512c62614539293e6368faffc28aa7f9ce24c320f76c6
SSDEEP

384:/toG47oLYV2cIj/6BKb6JBhGqKbhb9D4ZMTFU8KS3m9+7TFYuaThOVbWcvu6fVDY:LsbU6Bho9aZaCS3m9KFUT0tWcuK+RDf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78f0f8f4313a760ba60807df84e099b7

Files

78f0f8f4313a760ba60807df84e099b7
.dll windows:4 windows x86 arch:x86

a903c2198f49a157b08b14ffbd9b45fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
ReadFile
MultiByteToWideChar
DeleteFileA
GlobalAlloc
GlobalLock
WriteFile
GlobalUnlock
GlobalFree
lstrcpynA
WideCharToMultiByte
GetPrivateProfileStringA
GetSystemTime
GetModuleFileNameA
GetLastError
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTickCount
ExitProcess
lstrcmpA
Sleep
lstrlenA
CloseHandle
lstrcmpiA
VirtualProtect
QueryDosDeviceA
GetSystemDirectoryA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetTempPathA

user32

ReleaseDC
IsRectEmpty
GetWindowTextA
GetWindowInfo
PrintWindow
EnumWindows
GetSystemMetrics
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
GetDC

gdi32

GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCA
BitBlt
DeleteObject
GetDeviceCaps
DeleteDC
GetStockObject
SelectPalette
SelectObject
GetObjectA
RealizePalette

advapi32

DeleteService
ControlService
OpenServiceA
OpenSCManagerA
CloseServiceHandle

gdiplus

GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup

wininet

InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetCloseHandle
InternetOpenA

msvcrt

_local_unwind2
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
free
wcscmp
strstr
memmove
??1type_info@@UAE@XZ
_except_handler3
memset

Exports

Exports

PPPP
QQQQ

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a903c2198f49a157b08b14ffbd9b45fa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

gdiplus

wininet

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 2KB