0441293cbe880ada9cea7d66c8db894b

General

Target

0441293cbe880ada9cea7d66c8db894b
Size

412KB
MD5

0441293cbe880ada9cea7d66c8db894b
SHA1

83a071f98ff49d71c7d701b27d719fc00c4b4753
SHA256

dd2259ae594256bf71e5fdad956ef585c99f3b7d89c5279efb2e1a39ddaec6af
SHA512

1e454d52a379c6276bfc64a40d0e4778f94fa771de52abed41f5b5f0667cea8813ebdb22cee7fdaf54d9391080b9dffa7238c6145ef76de9ff89a9bb9912c5ac
SSDEEP

6144:lUtS0XIf46oFN2cR+b/0Wk6MzoQQd2nRlvIyv9hCquLHyw/kXPBYuxUv3TNk:lyXkoXaslEQQd2R7cHlkpY66Zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0441293cbe880ada9cea7d66c8db894b

Files

0441293cbe880ada9cea7d66c8db894b
.dll windows:4 windows x86 arch:x86

86829520ffe629448c871e64ebc28d10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSARecvFrom

ntdll

RtlNtStatusToDosError
NtAllocateVirtualMemory
NtWaitForSingleObject
RtlFreeHeap
wcsstr
RtlQueueWorkItem
wcsncpy
RtlAllocateHeap
NtCreateFile
NtClose
NtCreateSemaphore
NtOpenFile
RtlInitUnicodeString

rtutils

TraceDeregisterA
TracePrintfExA
TracePrintfA
TraceRegisterExA
TraceDumpExA
TraceDeregisterExA
TracePutsExA

kernel32

LeaveCriticalSection
GlobalAlloc
GetQueuedCompletionStatus
DeleteCriticalSection
DeviceIoControl
InterlockedIncrement
GetLastError
GetOverlappedResult
SetEvent
Sleep
PostQueuedCompletionStatus
lstrcpyW
InterlockedDecrement
InitializeCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
SetLastError
EnterCriticalSection
CreateEventA
GlobalFree
ResetEvent
Beep
BindIoCompletionCallback

advapi32

OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
RegSetValueExW
SetServiceStatus
QueryServiceStatus
ControlService
CloseServiceHandle

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86829520ffe629448c871e64ebc28d10

Headers

File Characteristics

Imports

ws2_32

ntdll

rtutils

kernel32

advapi32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 920KB

.rdata Size: 222KB - Virtual size: 221KB

.rsrc Size: 161KB - Virtual size: 161KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 920KB

.rdata
Size: 222KB - Virtual size: 221KB

.rsrc
Size: 161KB - Virtual size: 161KB

.reloc
Size: 512B - Virtual size: 28B