016bc2cdbba83f3638e53cd76a97e612

Sharing

Copy URL Twitter E-mail

General

Target

016bc2cdbba83f3638e53cd76a97e612
Size

35KB
MD5

016bc2cdbba83f3638e53cd76a97e612
SHA1

47dc425cb549b2f2ec5afc4e85d53160ec58e865
SHA256

421fb84184f3a15982252d5155a008e5224da2f0ce4242725be0794c66fd863a
SHA512

08a48aab20626a3fccafc5f38bd87c47fd3af5b0307e148fdd615313b8e2e7c32b8c70b02874d3a9614142ed0bf568f22c6fee2c00d845118a6f09563444fb4c
SSDEEP

768:geLCpM+WeebVY8KBO/eXxZYGn5nsLFjqphMVGQT+RzrTX0g:lWYXbW8alaFephMVGQTCTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
016bc2cdbba83f3638e53cd76a97e612

Files

016bc2cdbba83f3638e53cd76a97e612
.dll windows:4 windows x86 arch:x86

4232b9253fbd5151d99b8a7b105398bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

ws2_32

listen

msvcrt

free

avicap32

capCreateCaptureWindowA

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA

winmm

waveInStop

imm32

ImmGetContext

advapi32

RegCloseKey

shell32

ShellExecuteA

shlwapi

StrCmpW

user32

IsWindow

gdi32

BitBlt

Exports

Exports

Domguocyok
DoService
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guoc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyo
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4232b9253fbd5151d99b8a7b105398bb

Headers

File Characteristics

Imports

kernel32

ws2_32

msvcrt

avicap32

ole32

psapi

winmm

imm32

advapi32

shell32

shlwapi

user32

gdi32

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 67KB

.guocy Size: 1024B - Virtual size: 7KB

.guoc Size: 1024B - Virtual size: 1KB

guocy Size: - Virtual size: 4KB

.guocy Size: 3KB - Virtual size: 3KB

.guocyo Size: 2KB - Virtual size: 3KB

.guocyok Size: 2KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 67KB

.guocy
Size: 1024B - Virtual size: 7KB

.guoc
Size: 1024B - Virtual size: 1KB

guocy
Size: - Virtual size: 4KB

.guocy
Size: 3KB - Virtual size: 3KB

.guocyo
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 2KB - Virtual size: 4KB