126762830471cd25069a07524e46cc80

Sharing

Copy URL Twitter E-mail

General

Target

126762830471cd25069a07524e46cc80
Size

30KB
MD5

126762830471cd25069a07524e46cc80
SHA1

540820f03fad12c3937218e02914f82eb95f25fc
SHA256

d1309666a7cd5e50bdae3a2bef3f88200f3494298fe119b89ac766b7e97961f3
SHA512

b455b824b3c2ae0108399e9eeed506cedfc6081c69bda99556a89f7883bea89ef7d199ecfe3120a4aa6fe407b4ffec6998cf7161245254e02c9bc1f4368d2af9
SSDEEP

768:oH+6DKAIAto9GY2/sIgNIZRy010kT1xyDuaPI9:4vDYcTMIZg0dkjP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
126762830471cd25069a07524e46cc80

Files

126762830471cd25069a07524e46cc80
.dll windows:4 windows x86 arch:x86

2a1614a08f9e809b426c84f3ba1ad5a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
GetWindowTextA
GetDlgItemTextA
GetClassNameA
EnumChildWindows
GetForegroundWindow
CharLowerA

kernel32

CreateEventA
CreateFileA
CreateDirectoryA
ConnectNamedPipe
CreateFileMappingA
CreatePipe
CreateProcessA
CreateThread
DeleteFileA
CreateNamedPipeA
DeviceIoControl
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
ExitThread
GetSystemDirectoryA
GetStartupInfoA
GetTickCount
HeapAlloc
HeapFree
CloseHandle
LoadLibraryA
LocalAlloc
LocalFree
LockFile
MapViewOfFile
OpenProcess
RtlZeroMemory
Sleep
TerminateProcess
TerminateThread
UnmapViewOfFile
VirtualAlloc
IsBadCodePtr
WaitForSingleObject
WideCharToMultiByte
_llseek
_lread
_lwrite
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetTempPathA
VirtualProtectEx
ord5
CreateEventA
CreateFileA
CreateDirectoryA
ConnectNamedPipe
CreateFileMappingA
CreatePipe
CreateProcessA
CreateThread
DeleteFileA
CreateNamedPipeA
DeviceIoControl
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
ExitThread
GetSystemDirectoryA
GetStartupInfoA
GetTickCount
HeapAlloc
HeapFree
CloseHandle
LoadLibraryA
LocalAlloc
LocalFree
LockFile
MapViewOfFile
OpenProcess
RtlZeroMemory
Sleep
TerminateProcess
TerminateThread
UnmapViewOfFile
VirtualAlloc
IsBadCodePtr
WaitForSingleObject
WideCharToMultiByte
_llseek
_lread
_lwrite
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetTempPathA
VirtualProtectEx
ord5

shell32

ShellExecuteA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA
InternetReadFile

ws2_32

inet_addr
accept
bind
closesocket
connect
gethostbyname
htons
WSACleanup
listen
recv
send
shutdown
socket
WSAStartup

ole32

CoTaskMemFree

urlmon

URLDownloadToFileA

Exports

Exports

mcfG7A

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a1614a08f9e809b426c84f3ba1ad5a9

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

wininet

ws2_32

ole32

urlmon

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 148KB

.rsrc Size: 512B - Virtual size: 384B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 148KB

.rsrc
Size: 512B - Virtual size: 384B

.reloc
Size: 2KB - Virtual size: 2KB