0c3418080f78f27fc1127b97827e0508

Sharing

Copy URL Twitter E-mail

General

Target

0c3418080f78f27fc1127b97827e0508
Size

97KB
MD5

0c3418080f78f27fc1127b97827e0508
SHA1

65b26aadbf5a9a424f59d814c96b9a3436a492ca
SHA256

f7ddf0c13324bb59aa32075a806f1397bf43cec279dc6cde315108bcbeec9416
SHA512

b7598bf8b92e00b51c11d0dbccffdec9e944dd05c2e97ef88d13a38c0c9173610f9d796a1a54ce4272826227dda3e7569e945065f4ed003299e205ed14534e2d
SSDEEP

1536:t4h2lL6CdqahoGoi+CTGUo4a8DTurGxJQ6DU+ke:ihuRoY9oi+6LZaMQ6DUe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c3418080f78f27fc1127b97827e0508

Files

0c3418080f78f27fc1127b97827e0508
.dll windows:4 windows x86 arch:x86

5b7835ac25380069d8725ec480fd8d3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx
SetThreadDesktop
PostMessageA
wsprintfA
OpenDesktopA
CallNextHookEx
GetForegroundWindow
SetCursorPos
SetWindowsHookExW
GetWindowTextA
GetWindowThreadProcessId
wsprintfW
GetMessageA
GetActiveWindow
CharLowerA
PostThreadMessageA
CharUpperA
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
DestroyWindow
DispatchMessageA
SendMessageA
SendInput
GetThreadDesktop
UnhookWindowsHookEx
OpenInputDesktop
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
TranslateMessage
CreateWindowExA
RegisterDeviceNotificationA
LoadIconA
LoadCursorA
GetSystemMetrics
LoadImageA
RegisterClassExA
IsWindow

gdi32

BitBlt
DeleteDC
GetDIBits
CreateCompatibleBitmap
DeleteObject
GetStockObject
GetDeviceCaps
CreateDCA
CreateCompatibleDC
SelectObject

advapi32

ImpersonateSelf
CreateServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
LogonUserA
CreateProcessAsUserA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA
StartServiceA
OpenThreadToken
AdjustTokenPrivileges
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
CloseServiceHandle

shell32

ShellExecuteA
SHFileOperationA
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal

ws2_32

listen
setsockopt
bind
socket
closesocket
connect
send
ntohs
accept
WSAStartup
select
recv
inet_addr
gethostbyname
inet_ntoa
htons
getsockname

shlwapi

StrCmpNIA
StrChrA
StrStrA
StrCmpW
SHDeleteKeyA
StrToIntA
StrRChrA

psapi

GetModuleFileNameExA

imm32

ImmGetCompositionStringW
ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

winmm

waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInClose
waveInOpen

msvcrt

__CxxFrameHandler
_beginthread
strchr
free
wcscmp
malloc
strrchr
getenv
rand
srand
time
_strupr
__dllonexit
_onexit
_initterm
_adjust_fdiv
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GlobalAlloc
GetFileSize
OpenMutexA
OpenEventA
lstrcatW
OpenProcess
CreateDirectoryA
MoveFileA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
CopyFileA
lstrlenW
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetACP
GetOEMCP
GetLocalTime
GetTempPathA
GetCurrentThreadId
WriteFile
GetCurrentThread
GetCurrentProcessId
lstrlenA
DeviceIoControl
CreateFileA
CloseHandle
FlushFileBuffers
SetFilePointer
WideCharToMultiByte
SearchPathA
GetProcAddress
GetModuleFileNameA
GetSystemDirectoryA
SetEvent
DeleteFileA
lstrcpyA
GetStartupInfoA
lstrcatA
CreateProcessA
Sleep
WaitForSingleObject
GetTickCount

Exports

Exports

Dzsjhkjork
DzService
ServiceMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fghtr
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xcsa
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kjyt
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b7835ac25380069d8725ec480fd8d3e

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

winmm

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 1KB

fghtr Size: 5KB - Virtual size: 4KB

.xcsa Size: 4KB - Virtual size: 3KB

.kjyt Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 1KB

fghtr
Size: 5KB - Virtual size: 4KB

.xcsa
Size: 4KB - Virtual size: 3KB

.kjyt
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB