f7d392ed6a6254e1e243ad90e503d7ea

Sharing

Copy URL

Twitter E-mail

General

Target

f7d392ed6a6254e1e243ad90e503d7ea
Size

89KB
MD5

f7d392ed6a6254e1e243ad90e503d7ea
SHA1

27eb4593d04bd2359807e44c914adff921d5a112
SHA256

48db9c7a58bd1e147616db1f3264f9be66b5889c1f84a050bf02133f54433209
SHA512

5d8aad6761f9d5463804a049a4f6227ac1409e64f3020385b9fbe16d15544af2f0420f88e8effa83608e1dc58a912fc55e643b56835192f9458f5de3db0e40e8
SSDEEP

1536:KYD/szd1ptO2+sD0d2n8isKC1+zNoCkoCHOT9HJB0eAiV:tzszdM2hDo2n5sKC16oCkoCHOBHJBv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7d392ed6a6254e1e243ad90e503d7ea

Files

f7d392ed6a6254e1e243ad90e503d7ea
.dll windows:4 windows x86 arch:x86

9ff60c87b6881c98e684fe73607742e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
FileTimeToSystemTime
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetWindowsDirectoryA
TerminateProcess
GetFileSize
GlobalFree
GlobalAlloc
WaitForSingleObject
GetStartupInfoA
CreatePipe
GetEnvironmentVariableA
PeekNamedPipe
GetVolumeInformationA
GetDiskFreeSpaceExA
SearchPathA
ExpandEnvironmentStringsA
SetEvent
GetSystemInfo
DuplicateHandle
TerminateThread
ExitThread
GetCurrentProcess
VirtualAlloc
CreateThread
MultiByteToWideChar
DeviceIoControl
QueryDosDeviceA
CreateProcessA
MoveFileA
CreateDirectoryA
FindFirstFileA
SetFilePointer
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetCurrentThreadId
GetSystemTime
lstrcmpA
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
VirtualQueryEx
ReadProcessMemory
GetEnvironmentVariableW
WideCharToMultiByte
GetLogicalDrives
WaitForMultipleObjects
GetTempPathA
FlushFileBuffers
GetFileAttributesA
GetLocaleInfoA
lstrcpyA
lstrcatA
ReadFile
SetEndOfFile
GetVersionExA
WriteFile
Sleep
GetLastError
GetSystemDirectoryA
GetModuleHandleA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTickCount

user32

GetProcessWindowStation
ExitWindowsEx
GetWindowTextA
GetWindowTextLengthA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
GetThreadDesktop
CharUpperA
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
GetSystemMetrics

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateDCA

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
DeleteService
CreateServiceA
GetAclInformation
GetLengthSid
IsValidSid
AllocateAndInitializeSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
ControlService
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
CreateProcessAsUserA
RegEnumKeyExA
GetUserNameW
LookupPrivilegeValueA

shell32

SHFileOperationA

msvcrt

_except_handler3
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
time
srand
rand
printf
wcscmp
_strupr
wcslen
strchr
rename
_local_unwind2
atoi
_CxxThrowException
??2@YAPAXI@Z
strstr
malloc
free
_open
_read
_write
_close
_lseek
remove
_tempnam
sprintf
??3@YAXPAX@Z
strncpy
strrchr
__CxxFrameHandler

netapi32

NetUserEnum
NetShareEnum
NetUserGetInfo
NetApiBufferFree

ws2_32

WSCEnumProtocols
inet_addr

iphlpapi

GetNetworkParams
GetAdaptersInfo

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleFileNameExA

ntdll

_strcmpi
_stricmp

Exports

Exports

ServiceMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff60c87b6881c98e684fe73607742e9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

netapi32

ws2_32

iphlpapi

version

psapi

ntdll

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 9KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 9KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 7KB