190f20fbcb4c5206bf83b9007f8b0d07

Sharing

Copy URL Twitter E-mail

General

Target

190f20fbcb4c5206bf83b9007f8b0d07
Size

64KB
MD5

190f20fbcb4c5206bf83b9007f8b0d07
SHA1

8aa1e6bf62fd923465a1b974c1076033de912942
SHA256

e6e05177e1b907df917c220c41d1093c64cc367b5bfb5094af6ed3942a74fe85
SHA512

843a763cea7cf901fced29fdfc31775bcba355818f900c21259df6eaff6ecbe5af47ae97cfbc92f26183858541112f5e6a74f8f5d5e6e1e70227d63600b221ae
SSDEEP

768:d1mQyzzucp8w02SPT+ZhUhDIghFy8qzBok1uV3C5tvUsCx8oToUaKGv:Lm9zSPT+sbFyrKk16q8sCx8qoUD8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
190f20fbcb4c5206bf83b9007f8b0d07

Files

190f20fbcb4c5206bf83b9007f8b0d07
.dll windows:4 windows x86 arch:x86

0421ece1acca9706b50ddccb741fcb04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
TerminateProcess
GetPrivateProfileIntA
CreateToolhelp32Snapshot
OpenMutexA
Process32First
Process32Next
OpenProcess
ResetEvent
GetExitCodeProcess
WaitForSingleObject
CreateEventA
CreateThread
TerminateThread
OpenEventA
SetEvent
CloseHandle
LocalAlloc
LocalFree
GetSystemDirectoryA
OutputDebugStringA
SetLastError
GetLastError
GetModuleFileNameA
FreeConsole
InterlockedDecrement
GetStartupInfoA
GetFileType
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
Sleep
InterlockedIncrement
WideCharToMultiByte
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetProcAddress
GetCPInfo
FlushFileBuffers
WriteFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetFilePointer
CreateFileA
GetACP
GetOEMCP

user32

DefWindowProcA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DestroyWindow
WaitForInputIdle
PostMessageA
FindWindowA
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

GetStockObject

advapi32

RegCreateKeyA
QueryServiceConfig2A
ChangeServiceConfig2A
OpenServiceA
DeleteService
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
OpenSCManagerA
CreateServiceA
ChangeServiceConfigA
CloseServiceHandle
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
ControlService
QueryServiceConfigA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
CreateProcessAsUserA
LookupAccountSidA
GetTokenInformation

arws

ord2
ord1

Exports

Exports

RundllInstall
RundllUninstall
ServiceHandler
ServiceMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0421ece1acca9706b50ddccb741fcb04

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

arws

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB