06b1ba68c6ef0086d0ca005286449aa3

Sharing

Copy URL Twitter E-mail

General

Target

06b1ba68c6ef0086d0ca005286449aa3
Size

48KB
MD5

06b1ba68c6ef0086d0ca005286449aa3
SHA1

e55768265c3195c2916fb034f051281a4e1374ad
SHA256

b94724d61aa6e569b785025dbf2c3ee09ce0754510b3d7cf0c5f602ada8c68ac
SHA512

7a56ae62fcb4cd2a32da5308007315c743c90e248703cfc12afa6a0c7aba72bbdeb0d2eda50c400ae22945b766efc6ffed456df9469c5f0eae97ba201ee68fcf
SSDEEP

768:otM2cw4eYMoT/LECcw+wXSBzql7NXdfDfQjo1wmiQ0Q:otMGoT/4CZXSBzqBjbEoW6t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06b1ba68c6ef0086d0ca005286449aa3

Files

06b1ba68c6ef0086d0ca005286449aa3
.dll windows:4 windows x86 arch:x86

8afc07e92739e0a91dc9d983b28cb8dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
Sleep
SetLastError
SetHandleCount
HeapAlloc
LoadLibraryA
HeapSize
GetOEMCP
GetACP
GetProcAddress
SetFilePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
HeapReAlloc
EnterCriticalSection
VirtualAlloc
CloseHandle
FlushFileBuffers
RtlUnwind
LCMapStringW
LCMapStringA
SetStdHandle
ReadFile
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
CreateThread
TlsGetValue
GetLastError
LeaveCriticalSection
GetStdHandle
WriteFile
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree

user32

TranslateMessage
GetMessageA
DefWindowProcA
DispatchMessageA
LoadCursorA
LoadIconA
ShowWindow
RegisterClassA
CreateWindowExA
PostQuitMessage
UpdateWindow
SetWindowLongA
DestroyWindow

gdi32

GetStockObject

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

wsock32

inet_addr
recv
send
socket
ioctlsocket
htons
WSAAsyncSelect
connect
WSAGetLastError
closesocket
WSACleanup
WSAStartup
gethostbyname
gethostname

wininet

InternetOpenA
InternetConnectA
InternetReadFile
InternetCloseHandle

Exports

Exports

GetName
RecvDataBla
SetSend

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8afc07e92739e0a91dc9d983b28cb8dd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

rasapi32

wsock32

wininet

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB