0f3ef40706908c43062909b5b1f04c80

Sharing

Copy URL Twitter E-mail

General

Target

0f3ef40706908c43062909b5b1f04c80
Size

63KB
MD5

0f3ef40706908c43062909b5b1f04c80
SHA1

e23553bc92d3a833dd55352bbbc21811e660c9f9
SHA256

a7bd5d8d5430ebaf25850622b82e9961befa75f7ae4c6346d5199795a3beedfe
SHA512

2f5ca65dc51d7363749c93c04708e87ab823c40ad14dbc5aea5f167d0796590225a0258f14097a70d1795ad605af5a3fb513729641123bfd1336e3bdfde9b54a
SSDEEP

1536:Vao7pu3Ils9556Z+P2ahDRyKcbFF2YVjh:Jpu95t2ahYKcbFQYVjh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f3ef40706908c43062909b5b1f04c80

Files

0f3ef40706908c43062909b5b1f04c80
.dll windows:4 windows x86 arch:x86

4051dca3760abfcad88f97010a29d47d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
FlushViewOfFile
GetTickCount
GetTempPathA
ResetEvent
WaitForMultipleObjects
SetEvent
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
OpenProcess
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
CreateFileMappingA
Process32First
Process32Next
LoadLibraryA
FreeLibrary
ReadFile
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
MapViewOfFile
GetCurrentProcessId
ExitProcess
OpenFileMappingA
GetFileAttributesA
WaitForSingleObject
GlobalUnlock
GlobalLock
CreateThread
GetSystemDirectoryA
GetComputerNameA
CreateFileA
GetLastError
Sleep
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
CloseHandle
GetModuleFileNameA
CreateToolhelp32Snapshot
WideCharToMultiByte

ws2_32

connect
socket
inet_addr
gethostbyname
htons
send
recv
inet_ntoa
WSAIoctl
WSASocketA
gethostname
WSAStartup
WSAGetLastError
WSACleanup
closesocket

user32

SetWindowPos
SystemParametersInfoA
EndPaint
ReleaseDC
DrawTextA
BeginPaint
GetClientRect
CloseClipboard
GetWindowTextA
OpenClipboard
SendMessageA
DefWindowProcA
RegisterClassA
SetWindowLongA
CallWindowProcA
GetWindowLongA
EnumChildWindows
FindWindowA
CallNextHookEx
GetKeyState
ToAscii
GetKeyboardState
GetKeyNameTextA
GetDesktopWindow
GetSystemMetrics
GetForegroundWindow
UnhookWindowsHookEx
CreateWindowExA
SetClipboardViewer
SetWindowsHookExA
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadIconA
GetParent
ShowWindow
UpdateWindow
GetClassNameA
LoadCursorA
GetClipboardData

advapi32

SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserA
FreeSid
InitializeAcl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

gdi32

CreateFontIndirectA
SelectObject
SetTextColor
SetBkMode
ExtTextOutA
SetBkColor
DeleteObject

msvcrt

_mbsrchr
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
wcstombs
fseek
ftell
malloc
realloc
free
atoi
isalpha
_CxxThrowException
_mbsstr
strftime
_mbsicmp
localtime
_mbsnbcpy
difftime
_ftol
srand
rand
time
strstr
_mbsnbcmp
sprintf
_mbscmp
strcat
_mbsrev
fopen
fclose
fread
fwrite
__CxxFrameHandler
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
strlen
strcpy

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4051dca3760abfcad88f97010a29d47d

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

gdi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB