0d14141a9e137a97dc457b3a4f96b59d

Sharing

Copy URL Twitter E-mail

General

Target

0d14141a9e137a97dc457b3a4f96b59d
Size

35KB
MD5

0d14141a9e137a97dc457b3a4f96b59d
SHA1

2d2cc5c071d3e9fa88353a3c8ff6129a820e787e
SHA256

71e0603c50f493368eaf707f21e0f550ac9d7c2f046181ab938002dde55b9741
SHA512

7f49349c98c4c966b5f525c07c2153245ffd5cd0f2a548634a75a8a70abab66d60580adec98f1ab2cadc54523a9ef77227fbc1f7806c0a6b321c08ba21f3f092
SSDEEP

768:AtPj48QXG40JPWJqW7ctQrTvY3rzXeeQFGdiRU:sPs30JP+qWYu/vY3HqIcRU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d14141a9e137a97dc457b3a4f96b59d

Files

0d14141a9e137a97dc457b3a4f96b59d
.dll windows:4 windows x86 arch:x86

121d4f4d81535d02149b3db0e08d1466

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord825

msvcrt

strncpy
strncat
malloc
free
printf
strstr
_except_handler3
??1type_info@@UAE@XZ
strchr
_initterm
_vsnprintf
fopen
fclose
_strtime
_strdate
fprintf
_iob
sprintf
??1exception@@UAE@XZ
__CxxFrameHandler
_strnicmp
atoi
_adjust_fdiv
strncmp

kernel32

GetComputerNameA
GetLastError
GlobalMemoryStatus
WaitForSingleObject
lstrlenA
GetSystemInfo
GetWindowsDirectoryA
DeleteFileA
CreateProcessA
GetModuleFileNameA
SetCurrentDirectoryA
Sleep
TerminateProcess
LocalFree
LocalAlloc
CloseHandle
GetShortPathNameA
OpenProcess
ExitThread
DisconnectNamedPipe
TerminateThread
WaitForMultipleObjects
CreateThread
GetVersionExA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetSystemDirectoryA
ReadFile
PeekNamedPipe
WriteFile
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetTickCount

user32

PeekMessageA
ExitWindowsEx
wsprintfA
DispatchMessageA
TranslateMessage

advapi32

DeleteService
EnumServicesStatusA
OpenSCManagerA
CreateServiceA
RegCreateKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcirt

?close@fstream@@QAEXXZ
??1fstream@@UAE@XZ
??1ios@@UAE@XZ
??_Dfstream@@QAEXXZ
??0fstream@@QAE@XZ

msvcp60

??1bad_alloc@std@@UAE@XZ
??_7bad_alloc@std@@6B@

ws2_32

recv
WSASetLastError
inet_addr
setsockopt
bind
WSAStartup
htonl
socket
inet_ntoa
gethostbyname
gethostname
__WSAFDIsSet
connect
accept
listen
closesocket
select
send
WSAGetLastError
WSACleanup
htons

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetModuleFileNameExA

Exports

Exports

Install
RemoveOnly
ServiceMain
Uninstall
_DllMain@12
_Install@16
_RemoveOnly@16
_SvcCtrlFnct@4
_Uninstall@16
_install@16
_uninstall@16
install
uninstall

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

121d4f4d81535d02149b3db0e08d1466

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

msvcirt

msvcp60

ws2_32

psapi

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB