0e680d45eb9787e5e5a4c5a160bcb83d

Sharing

Copy URL

Twitter E-mail

General

Target

0e680d45eb9787e5e5a4c5a160bcb83d
Size

34KB
MD5

0e680d45eb9787e5e5a4c5a160bcb83d
SHA1

52180d21bdd909b1c35a65ffcaf0c02b40b92c77
SHA256

c1bf67939f08bd0b096c584e3a841167607d3de6c5cce4fad4e006220f9ad382
SHA512

b6b2594933733585203f4f908299269c6904ac0283a4ec7e33e927beb51219656a525df94bf739da2c11ea4ac7d8374b8f2511206bc687aa4aafa47bcedbeae6
SSDEEP

768:OHhyyWTN4n9bu0QbhA2dwdGfPUW2kQ5vT:QT9TQ9xdwd8UAQJT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e680d45eb9787e5e5a4c5a160bcb83d

Files

0e680d45eb9787e5e5a4c5a160bcb83d
.dll windows:4 windows x86 arch:x86

c8bed02e11cd3b64e271a53fc082bc03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
time
__CxxFrameHandler
atoi
wcslen
_stricmp
memcmp
strstr
_strupr
strcpy
strncpy
??1type_info@@UAE@XZ
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_itoa
strlen
malloc
free
memcpy

kernel32

MultiByteToWideChar
lstrlenW
LocalAlloc
ExitThread
LocalFree
GetExitCodeThread
OpenEventA
FreeLibraryAndExitThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetTickCount
Sleep
TerminateThread
CloseHandle
lstrcmpiA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
CreateMutexA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
SetEvent
ReleaseMutex
ReadFile
SetFilePointer
GetFileSize
CreateFileA
lstrcatA
GetSystemDirectoryA
lstrcmpA
WriteFile
SetEndOfFile
FlushFileBuffers
FlushViewOfFile
OpenMutexA
CreateProcessA
GetVersionExA
lstrcpynA
GetVolumeInformationA
GetLastError
GetComputerNameA
lstrcpyA
SetThreadPriority
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
DisableThreadLibraryCalls
FreeLibrary
SetLastError
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
lstrlenA
OpenProcess

user32

DestroyWindow
DefWindowProcA
CreateWindowExA
RegisterClassA
MessageBoxA
SendMessageTimeoutA
UnhookWindowsHookEx
CallNextHookEx
GetMessageA
TranslateMessage
SendMessageA
FindWindowA
GetWindow
PostQuitMessage
GetDlgItem
ShowWindow
DispatchMessageA
GetWindowThreadProcessId
EnumWindows
wsprintfA
FindWindowExA
SetWindowPos
SetWindowsHookExA

oleaut32

SysAllocString
VariantCopy
VariantInit
VariantClear
SysFreeString

ole32

CoTaskMemFree
OleInitialize
CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal

advapi32

CryptGetHashParam
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA

ws2_32

bind
htonl
htons
socket
WSAStartup
shutdown
send
recv
select
listen
getsockname
connect
gethostname
__WSAFDIsSet
accept
closesocket
WSACleanup
gethostbyname

shlwapi

StrStrIA

Exports

Exports

?RemoteFreeLibrary@@YAHPAUHWND__@@PAUHINSTANCE__@@K@Z
?RemoteGetModuleHandleA@@YAPAUHINSTANCE__@@PAUHWND__@@PBDK@Z
?RemoteLoadLibraryA@@YAPAUHINSTANCE__@@PAUHWND__@@PBDK@Z
hook_to

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8bed02e11cd3b64e271a53fc082bc03

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

oleaut32

ole32

advapi32

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 69KB

.shared Size: 1024B - Virtual size: 652B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 69KB

.shared
Size: 1024B - Virtual size: 652B

.reloc
Size: 3KB - Virtual size: 3KB