1e969a4f884d4774dc6f53f500c747c1

Sharing

Copy URL

Twitter E-mail

General

Target

1e969a4f884d4774dc6f53f500c747c1
Size

36KB
MD5

1e969a4f884d4774dc6f53f500c747c1
SHA1

26e84bb28868352ddb75ae5f772fcda9d0926c62
SHA256

ba813ee2342c195e2da5e7322e6fbf16df8e098a0c1916b44c8de508c7f99743
SHA512

2d68121a3537087cd2d56f694ba43ad5e599298ff31cea16f5845d6153f94260f9d6db91e04e2af5511998fe0a5ec7a0a99d4160de3d512b5a1c90fb1872ae56
SSDEEP

384:wsLBjKHXqkbC9lyFN3M5Zu5xTbOu89xKu4sKukNbCeGBFbG30hT:w16yAs3eZufTKu89x94s9kNbZGFqkh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e969a4f884d4774dc6f53f500c747c1

Files

1e969a4f884d4774dc6f53f500c747c1
.dll windows:4 windows x86 arch:x86

809c6e7632244ea78b0c4efc94ac276d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueA
SHGetValueA
StrStrIA
PathRemoveFileSpecA

wininet

InternetCrackUrlA

ws2_32

connect
ioctlsocket
socket
htons
select
gethostname
gethostbyname
inet_ntoa
WSACleanup
WSAStartup
WSAGetLastError
recv
send
closesocket
__WSAFDIsSet

kernel32

GetTickCount
InterlockedExchange
SetFilePointer
Sleep
CreateProcessA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetLocalTime
GetPrivateProfileStringA
DeleteFileA
lstrcmpA
GetPrivateProfileIntA
GetTempPathA
lstrcatA
GetModuleFileNameA
CloseHandle
DisableThreadLibraryCalls
GetSystemDirectoryA
lstrlenA
WideCharToMultiByte
AllocConsole
GetCurrentThreadId
ReadFile
WaitForSingleObject
GetStartupInfoA
CreatePipe
FindClose
FindFirstFileA
GetExitCodeProcess
SystemTimeToFileTime
FlushFileBuffers
WriteFile
CreateFileA

user32

wsprintfA
PeekMessageA
TranslateMessage
GetMessageA
DispatchMessageA

advapi32

CloseServiceHandle
RegOpenKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA

shell32

ShellExecuteA

msvcirt

??0fstream@@QAE@XZ
??1ios@@UAE@XZ
??1fstream@@UAE@XZ
?close@fstream@@QAEXXZ
??1exception@@UAE@XZ
??_Dfstream@@QAEXXZ

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1Init@ios_base@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1bad_alloc@std@@UAE@XZ
??_7bad_alloc@std@@6B@
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

msvcrt

??1type_info@@UAE@XZ
_onexit
malloc
_adjust_fdiv
__dllonexit
free
memcpy
sscanf
??2@YAPAXI@Z
vsprintf
strstr
_beginthreadex
strrchr
strcpy
_snprintf
_EH_prolog
strlen
atoi
strcat
strncpy
memset
__CxxFrameHandler
_access
sprintf
_initterm
strcmp

Exports

Exports

InstallReport
RegisterService
ServiceMain
UnregsterService

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

809c6e7632244ea78b0c4efc94ac276d

Headers

File Characteristics

Imports

shlwapi

wininet

ws2_32

kernel32

user32

advapi32

shell32

msvcirt

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB