01c5b3c7c2d9e0ac04f6c37a4f5796ed

Sharing

Copy URL Twitter E-mail

General

Target

01c5b3c7c2d9e0ac04f6c37a4f5796ed
Size

52KB
MD5

01c5b3c7c2d9e0ac04f6c37a4f5796ed
SHA1

d8ce2f610966333af1bfb5b64b2afc0dfe17f2f2
SHA256

5fa7d9e4297f9d5c9ca3e77c2046cbd6daf9e1f3c0be0b5f5d78c14938a7d236
SHA512

93775865c47c2571be7519d7cfa003bf1e67cba2ff5de4c8f2d981f236e9a3a01adc9417e5a732eeb07d2a66caf5523a0c118003c3e0a695656817fd752ec0ec
SSDEEP

768:7TislnKPuiY42bb5KIs4AsWMExU3dLwjVH3mR+/WsTb7fSA:yKK2a2bIIs4bExUtLw5Xv/j7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c5b3c7c2d9e0ac04f6c37a4f5796ed

Files

01c5b3c7c2d9e0ac04f6c37a4f5796ed
.dll windows:4 windows x86 arch:x86

9eacf5bfc7cd1bcf15aae015ae002f6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
GetModuleHandleA
GetSystemInfo
WideCharToMultiByte
SetThreadPriority
GetCurrentThread
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcAddress
RtlUnwind
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
HeapSize
HeapFree
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostMessageA

dbghelp

ImageDirectoryEntryToData

Exports

Exports

SetINVHook
SetKLHook
UnSetINVHook
UnSetKLHook

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9eacf5bfc7cd1bcf15aae015ae002f6f

Headers

File Characteristics

Imports

kernel32

user32

dbghelp

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

SHAREDAT Size: 4KB - Virtual size: 24B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

SHAREDAT
Size: 4KB - Virtual size: 24B

.reloc
Size: 4KB - Virtual size: 3KB