092bf06194c1d7eb2e3793be0e2b9a74

Sharing

Copy URL Twitter E-mail

General

Target

092bf06194c1d7eb2e3793be0e2b9a74
Size

165KB
MD5

092bf06194c1d7eb2e3793be0e2b9a74
SHA1

8c2a0acfca4b3acabda71a1bea6d0495bf9baff5
SHA256

456e10360499cd9eb7f44631b366e926b51aeea6c3af67d4cd5911d407a3c879
SHA512

2decf26f39ebb8e72d56d1365c85c425ed0bdd8b69a30e66b252542cfb4f7bf3c6a9eb7c25956539c1350215f0dd5b57422b9e313bf0fe5927f9e7cdcaf3d3ce
SSDEEP

3072:9zIwrWVGE04/RVgxndy4kzqnMscD8/8zfFr29kn0/pUSLAvHnE78R:9EwqVGqgI+9/Wf/0/+SLmn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
092bf06194c1d7eb2e3793be0e2b9a74

Files

092bf06194c1d7eb2e3793be0e2b9a74
.dll windows:4 windows x86 arch:x86

3d861456250c81f3cd9eab79124344b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
FreeLibrary
LocalFree
MapViewOfFile
UnmapViewOfFile
GetVersionExA
Sleep
GlobalAlloc
CreateFileMappingA
CreateFileA
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
GetSystemTime
lstrcatA
GetSystemDirectoryA
DeviceIoControl
lstrcatW
GetSystemDirectoryW
MoveFileA
lstrcmpiW
GetModuleFileNameW
WriteFile
IsBadWritePtr
LockResource
SizeofResource
LoadResource
FindResourceA
lstrlenW
lstrcpyW
CreateFileW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectA
LoadLibraryExA
GetTempPathA
GetTickCount
InterlockedExchange
RtlUnwind
GlobalFree
OpenProcess
GetStartupInfoA
CreateProcessA
CloseHandle
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetCurrentThreadId
CreateEventA
GetLastError
CreateThread
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
lstrcmpiA
GetFileSize
ExitProcess
VirtualQuery

user32

wsprintfW
GetInputState
PostThreadMessageA
PeekMessageA
wsprintfA

advapi32

ControlService
OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerW
DeleteService

Exports

Exports

SchedServiceMain
ServiceMain
SvchostEntry_W32Time

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss1
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d861456250c81f3cd9eab79124344b2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.bss1 Size: 512B - Virtual size: 4B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.bss1
Size: 512B - Virtual size: 4B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 1KB - Virtual size: 1KB