0a8fcc58050aa05f065420a36555a157

Sharing

Copy URL Twitter E-mail

General

Target

0a8fcc58050aa05f065420a36555a157
Size

128KB
MD5

0a8fcc58050aa05f065420a36555a157
SHA1

2d0a5d793f90f8bdbfa95be7d645f159d8001868
SHA256

4b0fe778bb9a34834424f6a44c349397945636b0f4d86194bcc2cce51ed53e0d
SHA512

a1fe19e212a4a2d81cfda8fdf49ca89dc5bfa5cb459f5c9cf62c5456192bae7e75df9d9f808b269d96a04b2d2231c08b223b33cd37c34a5b5b3bb9e140950732
SSDEEP

1536:UICDypcpcjzOUCC1YhdN6tX+tnpaCtX8LVbxlfZNX:UISncGUCpN6jXLVbxlfTX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a8fcc58050aa05f065420a36555a157

Files

0a8fcc58050aa05f065420a36555a157
.dll windows:4 windows x86 arch:x86

983dff14ecd70495b7d1d9a67b041a64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
WSACleanup
closesocket
select
connect
htons
setsockopt
htonl
sendto
WSAStartup
send
socket
inet_addr
gethostbyname

kernel32

ReadFile
GetSystemInfo
FlushFileBuffers
SetStdHandle
SetEndOfFile
HeapAlloc
VirtualProtect
HeapFree
Sleep
CreateThread
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
lstrcpyW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
GetModuleFileNameA
CloseHandle
GetSystemDirectoryA
OpenFile
lstrlenW
GetModuleFileNameW
CreateProcessW
GetSystemDirectoryW
CreateFileW
GetPrivateProfileStringW
GetCurrentProcess
GetExitCodeThread
WaitForSingleObject
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
CopyFileW
DeleteFileW
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
HeapCreate
GetOEMCP
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
LeaveCriticalSection

user32

wsprintfW
RegisterClassExW
GetWindowLongW
GetClientRect
SetWindowLongW
PostQuitMessage
DefWindowProcW
TranslateMessage
DispatchMessageW
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

VariantClear
SysAllocString
VariantInit

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

Exports

Exports

GetDllModuleControl
StartShell

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

983dff14ecd70495b7d1d9a67b041a64

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 48KB - Virtual size: 65KB

.Shell__ Size: 4KB - Virtual size: 520B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 48KB - Virtual size: 65KB

.Shell__
Size: 4KB - Virtual size: 520B

.reloc
Size: 8KB - Virtual size: 5KB