041efece3c4815b58a18b669931c13cf

General

Target

041efece3c4815b58a18b669931c13cf
Size

25KB
MD5

041efece3c4815b58a18b669931c13cf
SHA1

823c90109c06b0041528811a8b2e016276dfe50b
SHA256

da1d189dc8e08355aaebdd01a794c30996fb6fc93f4939247a70b39be14317ad
SHA512

0a42819eb6b8eb951ee8a77b0eb49b50d0c01d6329287295e95cd6236a9a66698686e401f27f4c2494cec0cf3e5344e8990486b09fdd681e6cc9e4fbef4fafba
SSDEEP

768:F0m2HU6FX2DU8VpffM/5bMT8giVs9g4t7saCLpE:FTrL/WzOgEOE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
041efece3c4815b58a18b669931c13cf

Files

041efece3c4815b58a18b669931c13cf
.dll windows:4 windows x86 arch:x86

3afaa9790d1f9d15234fcf43fd0c1355

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjectsEx
GetModuleFileNameA
GetLastError
CloseHandle
CreateFileA
SetFileTime
Sleep
FreeLibrary
GetProcAddress
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
MoveFileA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
CreateThread
TerminateThread
MultiByteToWideChar
FileTimeToSystemTime
GetFileTime
SetFilePointer
GetModuleHandleA
FindClose
FindFirstFileA
SetErrorMode
WriteFile
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
ReadFile
FindNextFileA
LoadLibraryA

user32

wsprintfA
MessageBoxA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ws2_32

send
sendto
recvfrom
ntohl
inet_addr
gethostbyname
inet_ntoa
shutdown
closesocket
htonl
htons
WSAStartup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACloseEvent
gethostname
socket
WSAGetLastError
ioctlsocket
connect
WSACleanup
recv

winmm

timeKillEvent
timeGetTime
timeSetEvent

msvcrt

_strnicmp
_adjust_fdiv
_initterm
_onexit
__dllonexit
malloc
free
atoi
sscanf
strrchr
memcpy
_gcvt
strcpy
memset
strcmp
strlen
sprintf
_beginthread
_endthread
strcat
_purecall
_EH_prolog
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler

Exports

Exports

InjApplicationDll
InjSystemDll
StartMoFei
StopMoFei

Sections

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3afaa9790d1f9d15234fcf43fd0c1355

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

winmm

msvcrt

Exports

Exports

Sections

.data Size: 23KB - Virtual size: 22KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 23KB - Virtual size: 22KB

.reloc
Size: 1KB - Virtual size: 1KB