075563fe3c5d9f59600537c27d0c1812

Sharing

Copy URL Twitter E-mail

General

Target

075563fe3c5d9f59600537c27d0c1812
Size

104KB
MD5

075563fe3c5d9f59600537c27d0c1812
SHA1

e6aa81029d44cb01a5d0acd9909c40d6c3758529
SHA256

956d928b840f5fbdb6a9f0fbeb0ece6678fe74044c6800945a36ffd52d7fa217
SHA512

3e2e997ea6c8d9a54bdcb1648f4b9ac4732d1ccb0945a2c9818488dc450ba3d16d5e8ef494703b09c9c906ad3d5ec55534451fe9cf64bf24246c4dfd5790ded8
SSDEEP

1536:2Ie1enSm+OEP7gi+RUX50TqEyPjNKh6WHUkTSZ7hsvej2AjV3digTBTNddD7tJS7:A1Ndj/j+TSZ7tCaxNT7tJSom7oU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
075563fe3c5d9f59600537c27d0c1812

Files

075563fe3c5d9f59600537c27d0c1812
.dll windows:4 windows x86 arch:x86

afe1948136eda0babb5fd7b6c4fe288c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
WaitForSingleObject
WideCharToMultiByte
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
OpenProcess
FileTimeToSystemTime
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetWindowsDirectoryA
TerminateProcess
SetFilePointer
GlobalFree
GlobalAlloc
GetSystemTime
AllocConsole
GetStartupInfoA
CreatePipe
GetEnvironmentVariableA
PeekNamedPipe
GetVolumeInformationA
GetDiskFreeSpaceExA
SearchPathA
ExpandEnvironmentStringsA
GetTempPathA
DuplicateHandle
CreateProcessA
MoveFileA
CreateDirectoryA
FindFirstFileA
FindClose
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
CreateEventA
GetTickCount
GetLocaleInfoA
lstrcpyA
CreateThread
MoveFileExA
GetCurrentProcess
MultiByteToWideChar
DeviceIoControl
QueryDosDeviceA
GetStartupInfoW
GetFileSize
lstrcatA
Sleep
ReadFile
WriteFile
SetEndOfFile
GetVersionExA
GetLastError
GetSystemDirectoryA
GetModuleHandleA
CopyFileA
GetFileAttributesA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime

user32

wsprintfA
GetSystemMetrics
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
ExitWindowsEx

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateDCA

advapi32

LookupAccountSidA
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
QueryServiceStatus
CreateProcessWithLogonW
LogonUserA
RegEnumKeyExA
CryptEncrypt

shell32

SHFileOperationA

msvcrt

_onexit
_adjust_fdiv
_initterm
__dllonexit
??1type_info@@UAE@XZ
wcscmp
_strupr
wcslen
strchr
rename
atoi
_local_unwind2
_except_handler3
??3@YAXPAX@Z
malloc
free
_open
_read
_write
_close
_lseek
remove
_tempnam
sprintf
strncpy
strrchr
__CxxFrameHandler
printf
strstr
??2@YAPAXI@Z
_CxxThrowException
rand
srand
time
strncat

ntdll

_itoa

netapi32

NetUserEnum
NetShareEnum
NetApiBufferFree

ws2_32

WSCEnumProtocols
inet_addr
gethostbyname
WSAStartup
WSACleanup

iphlpapi

GetNetworkParams
GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleFileNameExA
EnumProcessModules

wininet

InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetReadFile

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryA
DestroyEnvironmentBlock

Exports

Exports

ServiceMain

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afe1948136eda0babb5fd7b6c4fe288c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ntdll

netapi32

ws2_32

iphlpapi

version

psapi

wininet

userenv

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 38KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 38KB

.reloc
Size: 8KB - Virtual size: 7KB