0032b189fec2ace50e9000589b16f5be

Sharing

Copy URL Twitter E-mail

General

Target

0032b189fec2ace50e9000589b16f5be
Size

60KB
MD5

0032b189fec2ace50e9000589b16f5be
SHA1

24fe24e0a5a8021088d4dd7996525554ff6bbfb0
SHA256

e591eca7e4bbfb7709cf21e8a2263b7fee3f87543fc3ea0ac8fea78d467b2575
SHA512

20faca4775d28ed6b53c7144e92f2f18061afdec9ec852969b6caca6ba874726a352acf511184dd8694ed384127f5cefcbef8f2fa8aa771bd972eff8e4576ba6
SSDEEP

1536:hP5ycJldh2l6kTFDXDMRwn0KMQnhoP9Pco2:ecbGfzD08nhoKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0032b189fec2ace50e9000589b16f5be

Files

0032b189fec2ace50e9000589b16f5be
.dll windows:4 windows x86 arch:x86

af5ea14c8c3a082ed82fe93068b1ea88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeConsole
GetLastError
GetModuleFileNameA
CreateProcessA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
HeapFree
HeapAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
InitializeCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
HeapReAlloc
WriteFile
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEnvironmentVariableA

advapi32

RegOpenKeyExA
RegisterServiceCtrlHandlerA
DeleteService
SetServiceStatus
RegOpenKeyA
RegCreateKeyA
OpenSCManagerA
OpenServiceA
CreateServiceA
CloseServiceHandle
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegCloseKey

wininet

InternetSetStatusCallback
InternetOpenUrlA
InternetReadFileExA
InternetCloseHandle
InternetOpenA

Exports

Exports

InstallService
RundllInstall
RundllPrinfHash
RundllPrintBlock
ServiceMain

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af5ea14c8c3a082ed82fe93068b1ea88

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 112KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 112KB

.reloc
Size: 4KB - Virtual size: 3KB