00f570e74d2daf01c024cc0f80bbb29f

Sharing

Copy URL Twitter E-mail

General

Target

00f570e74d2daf01c024cc0f80bbb29f
Size

30KB
MD5

00f570e74d2daf01c024cc0f80bbb29f
SHA1

e7f9e0a2c082e7466f6e089d9fc1c3c666fe9679
SHA256

53045f2dff57be030eee5f8c952531cf23509168c2487d86f5ca2990b07c3853
SHA512

2e0d5b29ade096bccaad264c1b5d14fe2dbaab7a959e5f85d76fc0492107d3e4ce3c2baceb0980b2c152c5c3a1d016ab578377558c93172f3a7a4c6083cc46d8
SSDEEP

768:ozdjFrgHopxVrtc2hqUuXKuV5gQXC6nh:ozBFbrtcbU2KuV5gUH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f570e74d2daf01c024cc0f80bbb29f

Files

00f570e74d2daf01c024cc0f80bbb29f
.dll windows:4 windows x86 arch:x86

f4c9c43303b662b1224b8083f6e7b04d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetCurrentProcessId
ReadProcessMemory
GetProcAddress
LoadLibraryA
GetTempPathA
SetThreadPriority
GetFileSize
ReadFile
GetProcessHeap
HeapAlloc
GetLastError
GetModuleHandleA
Sleep
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetModuleFileNameA
CreateFileA
InterlockedExchange
DeleteCriticalSection

msvcrt

free
wcscat
wcscpy
malloc
wcslen
wcsncat
wcsstr
strncpy
_except_handler3
strchr
_vsnprintf
isspace
isalnum
atoi
exit
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strlwr
strstr
strlen
mbstowcs
wcscmp
memcpy
wcsncpy
strrchr
strcat
strcpy
memset
__CxxFrameHandler
_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusStartup
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA

wsock32

closesocket
shutdown

user32

wsprintfA
GetForegroundWindow
GetClassNameW
GetWindow
wsprintfW

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4c9c43303b662b1224b8083f6e7b04d

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

user32

wininet

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB