079cbf16f049cb7a745e179e9e4cb68d

Sharing

Copy URL Twitter E-mail

General

Target

079cbf16f049cb7a745e179e9e4cb68d
Size

532KB
MD5

079cbf16f049cb7a745e179e9e4cb68d
SHA1

2fadb7e4fa217e0940548c92904ae9503f616a36
SHA256

e69dd5b0c2473614001aa2a23d991322521e1bd3fd8b59e342e9fd0f5c36005a
SHA512

6139e0abbe0ac5c079a5fbe75247e36bb0dc0bf58ac6315e04465e1b20887dd0273f594b593610609e8dc40f2b02c739cbeb04490d455dc7634d6ac277790f6f
SSDEEP

3072:GaokIzeTcm/TzZKqhHPdKbeByxJP84IYFh3sZO7v:G7kIz0hnZfyrPpIYTsY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
079cbf16f049cb7a745e179e9e4cb68d

Files

079cbf16f049cb7a745e179e9e4cb68d
.dll windows:4 windows x86 arch:x86

44fd3cfd977d2c4844b01f07a2b215a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
lstrcmpA
FindClose
FindNextFileA
FindFirstFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetEnvironmentVariableA
GetWindowsDirectoryA
GetDriveTypeA
ExitThread
SetThreadPriority
GetCurrentThread
DeleteFileA
InterlockedExchange
lstrcpyA
lstrcatA
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LocalFree
lstrcmpiW
LocalAlloc
lstrcatW
lstrcmpiA
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
TerminateThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
InitializeCriticalSection
ReleaseMutex
DeleteCriticalSection
SetErrorMode
GlobalAlloc
GetLocalTime
GetCurrentThreadId
GlobalFree
CreateFileA
SetFilePointer
WriteFile
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcpynA
GetTickCount
GetProcessHeap
MulDiv
HeapAlloc
HeapFree
Sleep
WideCharToMultiByte
lstrlenA
CreateProcessA
WaitForSingleObject
CloseHandle
LeaveCriticalSection

user32

wvsprintfA
wsprintfA
CharLowerA
CharUpperA
wsprintfW
DrawTextA
CallNextHookEx
SetTimer
KillTimer
UnhookWindowsHookEx
FillRect

gdi32

SetBkMode
SelectObject
GetDeviceCaps
CreateSolidBrush
DeleteObject
SetBkColor
CreateCompatibleBitmap
CreateDIBSection
DeleteDC
CreateCompatibleDC
SetTextColor
LineTo
MoveToEx
CreatePen
PatBlt
CreateFontA
SetPixel

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ws2_32

inet_ntoa
ntohs
recv
select
htons
socket
sendto
gethostbyname
inet_addr
send
WSAStartup
gethostname
connect
closesocket

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP

msvcrt

_strcmpi
tolower
memset
div
isdigit
toupper
isxdigit
_except_handler3
strlen
strchr
strstr
__CxxFrameHandler
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
free
__mb_cur_max
_isctype
_pctype
??2@YAPAXI@Z
printf
sprintf
_mbsstr
_mbsnbcpy
strcpy
strcat
memcpy

Sections

.text
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44fd3cfd977d2c4844b01f07a2b215a1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

gdiplus

msvcrt

Sections

.text Size: 523KB - Virtual size: 523KB

Shared Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 523KB - Virtual size: 523KB

Shared
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB