20a4dcc0d9e81b0e9a7a91f61fb4e930

General

Target

20a4dcc0d9e81b0e9a7a91f61fb4e930
Size

20KB
MD5

20a4dcc0d9e81b0e9a7a91f61fb4e930
SHA1

f4846ea9b0a48509bedccc4b540088c512096e37
SHA256

823aae4853574faa6d7dcca1c5fd7a08f4149b78217b189226eee7822d1eb241
SHA512

5da50fef3e92e10629a77db655bd5013315a1ec8427309a07e7fd0a9576409aba1edbb5f766816a27e2c1f15eb6e7d6d512e21df26dad0166d5702c828b83dc8
SSDEEP

384:6Q/X80AgFuQH1M6msErvh/3thCQRulOsj:6kVFuQH26msA55AA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20a4dcc0d9e81b0e9a7a91f61fb4e930

Files

20a4dcc0d9e81b0e9a7a91f61fb4e930
.dll windows:4 windows x86 arch:x86

408df89d732edd46082b16b86f0bad5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
ReleaseMutex
GetLastError
CreateMutexA
OpenProcess
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
FindClose
FindNextFileA
lstrcpynA
lstrcmpA
FindFirstFileA
VirtualProtectEx
Process32Next
LoadLibraryA
Module32Next
Module32First
ReadFile
GetModuleFileNameA
WinExec
TerminateProcess
GetCurrentProcess
CreateFileA
GetTempPathA
lstrcpyA
lstrlenA
IsBadStringPtrA
CreateThread
CloseHandle
Sleep
GetCurrentProcessId

user32

GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
EnumWindows
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

shlwapi

StrStrIA

msvcrt

memcpy
??3@YAXPAX@Z
strcmp
_purecall
strncat
strcat
sprintf
memset
strcpy
isprint
strstr
??2@YAPAXI@Z
memcmp

wininet

InternetCloseHandle

Sections

.bss
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

408df89d732edd46082b16b86f0bad5a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

Sections

.bss Size: - Virtual size: 2.0MB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 2.0MB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 7KB - Virtual size: 6KB