0b9e562e7223efbf26d999c2a0d1d4e2

Sharing

Copy URL Twitter E-mail

General

Target

0b9e562e7223efbf26d999c2a0d1d4e2
Size

128KB
MD5

0b9e562e7223efbf26d999c2a0d1d4e2
SHA1

ed2b349362300305428ebc53808f31fd2fef84b3
SHA256

9b22c1dc66e6e1cee36af0e363420e34194b44a885fd0d77359cb5a96426c73a
SHA512

21248130b4dd3a84e584adc7f7e53837262ee95b3c74faa15050edd311545ebf140a5bb953d9a18b041f1e8dcd9c9d62cd0e96ee6680520f9ae135bbb91fa784
SSDEEP

3072:8XihDwAmZMlj6Eeai9NE83MXuTBfCWJPHoU:DtVmMNKNE834uTBqGPHoU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b9e562e7223efbf26d999c2a0d1d4e2

Files

0b9e562e7223efbf26d999c2a0d1d4e2
.dll windows:4 windows x86 arch:x86

5fcf114199b8038979bb67a868d65d3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_snprintf
_strnicmp
strlen
strstr
_stricmp
memcmp
atoi
_itoa
memcpy
_ultoa
tolower
memset
_chkstk
_allmul
_alldiv

msvcrt

strtok

ws2_32

setsockopt
WSAGetLastError
WSAIoctl
bind
WSAGetOverlappedResult
WSAStartup
WSACreateEvent
shutdown
htons
WSAWaitForMultipleEvents
WSASend
WSASocketW
WSARecv
ntohl
WSASetLastError
getsockname
ntohs
listen
closesocket

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetSetOptionA
InternetCloseHandle
InternetConnectA

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsA

kernel32

CreateThread
GetVolumeInformationA
GetWindowsDirectoryA
GetFileTime
WaitNamedPipeA
FindNextFileA
SetNamedPipeHandleState
HeapAlloc
GetSystemDirectoryA
GetVersionExA
FindClose
RemoveDirectoryA
TransactNamedPipe
HeapSetInformation
HeapCreate
FindFirstFileA
HeapDestroy
HeapFree
FreeLibrary
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
ExitProcess
GetFileAttributesExA
SetFileAttributesA
CreateDirectoryA
TlsGetValue
TlsAlloc
CreateEventA
TlsSetValue
ProcessIdToSessionId
Process32Next
Process32First
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
OpenProcess
Thread32Next
GetModuleHandleA
Thread32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetProcAddress
CloseHandle
OpenThread
GetCurrentProcessId
lstrcpyA
CreateFileA
WaitForMultipleObjects
GetFileSize
ReadFile
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
lstrcatA
GetLocalTime
WaitForSingleObject
OpenMutexA
InterlockedCompareExchange
CreateMutexA
lstrlenA
SetEvent
TerminateThread
OutputDebugStringA
Sleep
DuplicateHandle
GetExitCodeThread
ReleaseMutex
FlushFileBuffers
OpenEventA
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCurrentThread
VirtualFree
GetFileInformationByHandle
GetLastError
SystemTimeToFileTime
lstrcmpiA
GetSystemTime
GetCurrentProcess
WriteFile
CreateRemoteThread
EnterCriticalSection
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
PeekNamedPipe
GetTempPathA
lstrcmpA
SetFilePointer
SetEndOfFile
GetTempFileNameA
DeleteCriticalSection
VirtualProtect
FlushInstructionCache
VirtualQuery
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
SetLastError
lstrcmpW
MultiByteToWideChar
DeleteFileA
CreateProcessA
GetTickCount
GetFileAttributesA
LoadLibraryA

user32

ShowWindow
PeekMessageA
SetForegroundWindow
WaitForInputIdle
MsgWaitForMultipleObjects
GetSystemMetrics
wsprintfA
DispatchMessageA

advapi32

ChangeServiceConfigA
RegDeleteKeyA
OpenSCManagerA
RegCreateKeyExA
CloseServiceHandle
OpenServiceA
ControlService
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DllGetClassObject
EventStartup

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fcf114199b8038979bb67a868d65d3b

Headers

File Characteristics

Imports

ntdll

msvcrt

ws2_32

wininet

oleaut32

shlwapi

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 6KB