0cc13b3b3ef7184e7d91059b6a6c7afc

Sharing

Copy URL Twitter E-mail

General

Target

0cc13b3b3ef7184e7d91059b6a6c7afc
Size

40KB
MD5

0cc13b3b3ef7184e7d91059b6a6c7afc
SHA1

5a7459f98eb040f23ba3a20875e21ecd41839209
SHA256

407af99c8d490ae378f1fc80eb43e0f33fc253369a660234da2b5b5fea98a7be
SHA512

d08a47ca6fb8ce08ab0b3f0afad565eda44f314ea789f8174ff381f568306aeee7566672f4e7c40086600c6a12921c4f07c3d54bb32a5c7bd60d6a20d70797be
SSDEEP

384:9OHYnaBjDn9DUxNoHf6L9XvwS0/3vjmpDH+wU+nDg1TUqscH1LymB/SG/o5+HlUM:c4atD9lfO1Qtw/qsqcm9Gp8kRn45

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cc13b3b3ef7184e7d91059b6a6c7afc

Files

0cc13b3b3ef7184e7d91059b6a6c7afc
.dll windows:4 windows x86 arch:x86

2b6f215a5bf9aa8f7cba312715e98a26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
select
__WSAFDIsSet
recv
send
htons
inet_addr
socket
connect
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegDeleteKeyA

kernel32

GetProcessHeap
HeapFree
CreateToolhelp32Snapshot
Process32First
WritePrivateProfileStringA
GetComputerNameA
GetVersionExA
lstrcmpiA
GetDriveTypeA
GetDiskFreeSpaceExA
GetTickCount
DeleteFileA
GetLocalTime
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
HeapReAlloc
HeapSize
HeapAlloc
Process32Next
GetLogicalDrives
CloseHandle
WriteFile
SizeofResource
CreateFileA
LoadResource
FindResourceA
GetLastError
DeviceIoControl
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetProcAddress
GetModuleHandleA
ReadFile
GetFileSize
SetFileAttributesA
lstrcatA
GetSystemDirectoryA
CreateThread
Sleep
CreateMutexA
FreeConsole
GetPrivateProfileIntA
GetPrivateProfileStringA
GetWindowsDirectoryA
GlobalMemoryStatus

user32

wsprintfA
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation

msvcrt

strrchr
_ultoa
strstr
free
malloc
__CxxFrameHandler
_EH_prolog
_purecall
exit
atol
localtime
fprintf
strncat
_msize
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strnicmp
_strupr
_stricmp
memcpy
atoi
strcat
strcpy
fopen
strlen
fwrite
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
wcstombs
strncpy
strcmp
sprintf
fclose

Exports

Exports

ResetSSDT
ServiceMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b6f215a5bf9aa8f7cba312715e98a26

Headers

File Characteristics

Imports

ws2_32

wininet

advapi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB