Init
Static task: static1
Behavioral task: behavioral1
Sample: 0bca9bfc3508d025cb0f022d711c5653.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0bca9bfc3508d025cb0f022d711c5653.dll
Resource: win10v2004-20231215-en
General
Target: 0bca9bfc3508d025cb0f022d711c5653
Size: 78KB
MD5: 0bca9bfc3508d025cb0f022d711c5653
SHA1: d71209a21944f414f950adc414675d5f846de71f
SHA256: 5f981c2971b842081e2433d674996396dae0a6c5a3bb1acec355ff49f7ddee92
SHA512: 8dd4de642ae179c3e9cd40a770116780c280364f59b69f4969684384685ea28a5b872b1f51c523905c9809eeecaf4bb9b5a22d87a9fbb0e36818f0333ec8650e
SSDEEP: 1536:GI935LvzwAhHY/aq6glrzuQ627tZxYH5hGKEfQ9NtzHwH8mx8WT/a:GI935LvzTNq6uzDjxY2KKQ9NxHwH8mxu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0bca9bfc3508d025cb0f022d711c5653
Files
0bca9bfc3508d025cb0f022d711c5653.dll windows:5 windows x86 arch:x86
c60549710fc29bc41f76c0bfb9c01e90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ioctlsocket
select
WSAGetLastError
closesocket
socket
shutdown
__WSAFDIsSet
inet_addr
sendto
connect
htons
recv
send
gethostbyname
WSAStartup
psapi
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
urlmon
ObtainUserAgentString
kernel32
CreateProcessA
IsBadWritePtr
GetLastError
GetProcAddress
GetTempFileNameA
LoadLibraryA
DeleteCriticalSection
GetVersionExA
CloseHandle
GetTempPathA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleExA
SetEvent
Sleep
CreateEventA
ResetEvent
GetModuleFileNameA
OpenProcess
GetTickCount
VirtualProtect
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
CopyFileA
SetFileAttributesA
OpenEventA
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushInstructionCache
SetNamedPipeHandleState
WaitForMultipleObjects
InitializeCriticalSection
WriteFile
WaitForSingleObject
FreeLibrary
CreateFileA
lstrcpyA
lstrcmpiA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpynA
CreateEventW
lstrcmpA
GetComputerNameExA
GetLocalTime
MultiByteToWideChar
lstrlenW
lstrcatW
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcess
CreateThread
CreateNamedPipeA
advapi32
CryptExportKey
CryptAcquireContextW
RegOpenKeyA
InitializeSecurityDescriptor
RegDeleteValueA
RegSetValueExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
CryptReleaseContext
CryptGetHashParam
CryptImportKey
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt
wininet
InternetTimeFromSystemTimeA
InternetOpenW
InternetCrackUrlW
InternetReadFile
HttpAddRequestHeadersA
HttpSendRequestW
HttpOpenRequestW
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectW
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
dnsapi
DnsFree
DnsQuery_A
ole32
OleInitialize
CoCreateInstance
OleUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
Exports
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ