0b1076cad963a35aa4efb6f7c1aac8eb

Sharing

Copy URL Twitter E-mail

General

Target

0b1076cad963a35aa4efb6f7c1aac8eb
Size

32KB
MD5

0b1076cad963a35aa4efb6f7c1aac8eb
SHA1

cee146f0f31cf4bfbde25dbd91fa98f1456e8a7f
SHA256

5863249fc420a8b523715d11fff0d48d8dd8e881b41b2d3f1da1874a9831872e
SHA512

0c2ea2fddb531df12871795dfbd13edc093d1b04b1b87dfa83425f33b91e67933780e7304243eaeaa03635dd4f18fc82ac4631eae9d7dc1de64aaca9bdc716a8
SSDEEP

384:7pYk8UjVLjEQ62eT2+UHAd6vR8Ow0l4aXq+WlRueN1H:xrtjL+2+UH2k7/e7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b1076cad963a35aa4efb6f7c1aac8eb

Files

0b1076cad963a35aa4efb6f7c1aac8eb
.dll windows:4 windows x86 arch:x86

45101fd40c40e02c1777e13dc2c28bf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetSystemTime
GetTickCount
GetWindowsDirectoryA
SetUnhandledExceptionFilter
Sleep
WriteFile

mpr

WNetAddConnection2A
WNetCancelConnectionA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
memset
rand
signal
sprintf
srand
strcat
strlen

shell32

ShellExecuteA

user32

MessageBoxA

ws2_32

WSAStartup
accept
bind
closesocket
gethostbyname
htonl
htons
listen
recv
select
send
socket

Exports

Exports

BackDoor@4
L0cal@4
NetSpread
Payload
WinMain@16
extra@4

Sections

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45101fd40c40e02c1777e13dc2c28bf8

Headers

File Characteristics

Imports

kernel32

mpr

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.data Size: 512B - Virtual size: 192B

.ctors Size: 512B - Virtual size: 4B

.rdata Size: 1024B - Virtual size: 640B

.bss Size: - Virtual size: 176B

.edata Size: 512B - Virtual size: 168B

.idata Size: 2KB - Virtual size: 1KB

.text Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 416B

.data
Size: 512B - Virtual size: 192B

.ctors
Size: 512B - Virtual size: 4B

.rdata
Size: 1024B - Virtual size: 640B

.bss
Size: - Virtual size: 176B

.edata
Size: 512B - Virtual size: 168B

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 416B