7bf2c9ddf6cebb13675a577fbc7448fb

Sharing

Copy URL Twitter E-mail

General

Target

7bf2c9ddf6cebb13675a577fbc7448fb
Size

62KB
MD5

7bf2c9ddf6cebb13675a577fbc7448fb
SHA1

4a4faf5a4a1b2cdbf32b86f87b8817dce5fd8010
SHA256

4d073cbc5eaa7a98d08c459534264cf7f1123f5152c2e451543b592191f9ea73
SHA512

f3e98de663eae7bb88e3f63acc1282d5e789a30fcd6c956ed676f4f234cc8a58d1ded68f0b806fdbd14d9342edb9294cf5f5030b920fe1e1c8bb2b92c4bb37c2
SSDEEP

1536:IXQiPbbGRUpuR92dcEcc0YFFFXmZLoYIhxClUfupRE+a4Lf:oQiPXGRN2eCMlWuO4D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bf2c9ddf6cebb13675a577fbc7448fb

Files

7bf2c9ddf6cebb13675a577fbc7448fb
.dll windows:5 windows x86 arch:x86

c6b4d86e27f7e121e43c942ff1558706

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ExitProcess
Sleep
GetVersion
CreateProcessA
CloseHandle
WriteFile
CreateFileA
lstrcpynA
CreateEventA
GetVersionExA
lstrcmpA
VirtualAlloc
VirtualFree
lstrcmpiA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetSystemTime
MoveFileA
GetCurrentThreadId
WritePrivateProfileStringA
GetWindowsDirectoryA
MoveFileExA
GetTempPathA
CreateMutexA
GetTickCount
GetLocaleInfoA
GetVolumeInformationA
SetEvent
GetFileSize
SystemTimeToFileTime
GetProcessHeap
HeapFree
ReadFile
HeapAlloc
GetTempFileNameA
DeleteFileA
GlobalAlloc
VirtualQueryEx
GetThreadContext
GlobalFree
TerminateProcess
ResumeThread
RtlUnwind
VirtualQuery
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
OpenProcess
lstrlenA
GetLastError
GetModuleHandleA
GetProcAddress
FindAtomA
lstrcpyA
RaiseException
lstrcatA
ReleaseMutex
GetModuleFileNameA

user32

TranslateMessage
GetMessageA
LoadCursorA
LoadIconA
DefWindowProcA
GetWindowTextA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
MessageBoxA
DispatchMessageA
FindWindowExA
GetWindowThreadProcessId
GetFocus
RegisterClassExA
wsprintfA
IsWindowVisible
GetCursorPos
EqualRect
InflateRect
CreateWindowExA
ClientToScreen
CallNextHookEx
FindWindowA
SetWindowsHookExA
PostMessageA

advapi32

RegCloseKey
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
OpenProcessToken
CreateProcessAsUserA
RegCreateKeyExA

shlwapi

SHDeleteValueA
SHGetValueA
SHSetValueA
SHDeleteKeyA

Exports

Exports

HVJZUWRHgkp
UtNUVQNpVrV
fOkhlz
fdHyixUQJhJw
wVXguPf

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6b4d86e27f7e121e43c942ff1558706

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 2KB