7e4d51cc006a4ce39d7afaae0a18674b

Sharing

Copy URL Twitter E-mail

General

Target

7e4d51cc006a4ce39d7afaae0a18674b
Size

144KB
MD5

7e4d51cc006a4ce39d7afaae0a18674b
SHA1

eebc3846aa7870acf2c352e0bc3a218b6dee1283
SHA256

13d3f9a8c44784cd69c41cf3acb8bc0daacf84988d44441a2430ac35a01f108c
SHA512

e4742ca6f0edcc1abc675407f05a0c554c7a9ba0fd4667c472c868348bc1b1964868971c5ff69d291233101c5273f323038fc537e580f1a5bafad9e81b13e8a7
SSDEEP

3072:LEF5+B3H9ItGm626kzd65v0C8giWNaT2OuHIR:4FoB3m226kTYaTD2u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e4d51cc006a4ce39d7afaae0a18674b

Files

7e4d51cc006a4ce39d7afaae0a18674b
.dll windows:4 windows x86 arch:x86

7778a9b32007bf3b951a8fcb1fc0e54f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LocalFree
Sleep
OpenEventA
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetVolumeInformationA
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
GetProcAddress
CreateFileA
CloseHandle
TerminateProcess
WriteProcessMemory
GetModuleHandleA
MapViewOfFile
GlobalAlloc
UnmapViewOfFile
WaitForSingleObject
GetModuleFileNameA
CreateFileMappingA
WriteFile
GetComputerNameA
InterlockedCompareExchange
OpenFileMappingA
GlobalFree
CreateDirectoryA
CreateMutexW
ExitProcess
InterlockedIncrement
CopyFileA
InterlockedDecrement
CreateEventA
CreateProcessA
ReadProcessMemory
GetCommandLineA
GetCurrentProcess

ole32

CoInitialize
CoTaskMemAlloc
OleCreate
CoCreateInstance
CoUninitialize
CoCreateGuid
OleSetContainedObject
CoSetProxyBlanket

user32

DestroyWindow
DispatchMessageA
UnhookWindowsHookEx
SetWindowsHookExA
GetSystemMetrics
SendMessageA
DefWindowProcA
ScreenToClient
GetCursorPos
CreateWindowExA
TranslateMessage
RegisterWindowMessageA
GetClassNameA
KillTimer
ClientToScreen
GetMessageA
SetWindowLongA
PeekMessageA
GetWindowThreadProcessId
SetTimer
PostQuitMessage
FindWindowA
GetParent
GetWindowLongA
GetWindow

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegDeleteKeyA
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegDeleteValueA
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

SHGetFolderPathA

Exports

Exports

eapEventplugin

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7778a9b32007bf3b951a8fcb1fc0e54f

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 948B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 948B

.reloc
Size: 8KB - Virtual size: 6KB