7a34897e5f13176c8dff64b81875a41c67d583928e55e7a47b154ab45589b22e

Sharing

Copy URL Twitter E-mail

General

Target

7a34897e5f13176c8dff64b81875a41c67d583928e55e7a47b154ab45589b22e
Size

1.4MB
MD5

5de1487ff95198575c0b03a271ea207e
SHA1

b594a15b1ef954e0b50d24b74c54b1821ca2a388
SHA256

7a34897e5f13176c8dff64b81875a41c67d583928e55e7a47b154ab45589b22e
SHA512

e9ce5fde7df94132b97da4b0949572ac46234571869502d02d95274b31dc8d77f9b664ed542822692994e549fd5a58418b6de5c1a1eb1a110c02c1eefdd40ac6
SSDEEP

24576:9dvYmhFPXPHifDvoZDgnM57kU8dV0ymMtRjvVn7BzXg:91phpXfkZBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a34897e5f13176c8dff64b81875a41c67d583928e55e7a47b154ab45589b22e

Files

7a34897e5f13176c8dff64b81875a41c67d583928e55e7a47b154ab45589b22e
.dll windows:4 windows x86 arch:x86

927fa671b308f922b2ef1cbaf742b743

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_stricmp
_strupr
sscanf
getenv
vsprintf
_iob
memset
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CIpow
_CIacos
strchr
fprintf
_strcmpi
_beginthreadex
mbstowcs
wcscpy
printf
memmove
strncmp
rand
strcspn
atoi
strncpy
sprintf
strrchr
strstr
_except_handler3
_CxxThrowException
exit
wcstombs
memcmp
strlen
_ftol
ceil
strcpy
__CxxFrameHandler
strcat
malloc
free
strcmp
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z

psapi

GetProcessMemoryInfo
GetModuleFileNameExA
GetProcessImageFileNameA
EnumProcessModules

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA

msvfw32

ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage
ICOpen
ICSeqCompressFrameStart
ICSeqCompressFrame

ws2_32

WSAStartup
gethostname
closesocket
send
recv
select
getsockname
connect
socket

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

netapi32

NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetLocalGroupAddMembers
NetUserAdd
NetUserDel
NetApiBufferFree
NetUserSetInfo

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

user32

GetForegroundWindow
GetWindowTextA
CharNextA
wsprintfA
EmptyClipboard
SetClipboardData
ExitWindowsEx
OpenClipboard
GetInputState
CloseClipboard
GetDC
ReleaseDC
GetClientRect
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetClassNameA
GetWindow
FindWindowA
GetAsyncKeyState
LoadCursorA
DestroyCursor
SystemParametersInfoA
keybd_event
MapVirtualKeyA
mouse_event
GetCursorPos
GetCursorInfo
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
ShowWindow
PostMessageA
ChangeDisplaySettingsA
EndDialog
SetWindowPos
UpdateWindow
CreateDialogParamA
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
GetKeyState
GetSystemMetrics
SendMessageA
GetLastInputInfo
BlockInput
PostThreadMessageA
SetWindowTextA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
GetClipboardData

wtsapi32

WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession
WTSFreeMemory
WTSQuerySessionInformationA

oleaut32

SysFreeString

advapi32

IsValidSid
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
RegCloseKey
RegOpenKeyExA
GetUserNameA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
DeleteService
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
StartServiceCtrlDispatcherA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusA
ControlService
QueryServiceStatus
AbortSystemShutdownA
RegQueryValueExA

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

winmm

waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutUnprepareHeader
waveInStart
waveInAddBuffer
waveInGetDevCapsA
waveOutGetNumDevs
waveOutClose
waveOutWrite
waveOutOpen
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
mixerClose
mixerGetLineInfoA
mixerGetDevCapsA
mixerGetNumDevs
mixerSetControlDetails
mixerOpen
waveOutPrepareHeader
mixerGetLineControlsA
mixerGetControlDetailsA

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

gdi32

CreateCompatibleBitmap
GetDIBits
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
BitBlt
GetRegionData
CombineRgn
CreateRectRgnIndirect

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
lstrcpyA
VirtualFree
VirtualAlloc
WideCharToMultiByte
InterlockedExchange
LocalReAlloc
LocalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindNextFileA
FindFirstFileA
GetCurrentProcess
GetVersion
Sleep
WriteFile
DeviceIoControl
CreateFileA
SetLastError
LocalFree
GetLastError
GlobalAlloc
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetVersionExA
GetFileAttributesA
lstrlenA
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetModuleHandleA
DeleteFileA
CreateDirectoryA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
RemoveDirectoryA
SetFileAttributesA
GetFileSize
ReadFile
SetFilePointer
MoveFileA
GetSystemDirectoryA
GetLocalTime
ExitProcess
GetModuleFileNameA
GetCommandLineA
FreeConsole
TerminateProcess
GetCurrentProcessId
GetConsoleProcessList
AttachConsole
WinExec
GetTickCount
GetTempPathA
OutputDebugStringA
MoveFileExA
CopyFileA
DefineDosDeviceA
SetUnhandledExceptionFilter
CreateMutexA
GetCurrentThreadId
GlobalMemoryStatusEx
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalSize
QueryPerformanceFrequency
QueryPerformanceCounter
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
CreateRemoteThread
Module32Next
Module32First
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
QueryDosDeviceA
GetPriorityClass
DisableThreadLibraryCalls
GetSystemInfo

Exports

Exports

RunDll

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

927fa671b308f922b2ef1cbaf742b743

Headers

File Characteristics

Imports

msvcrt

psapi

shell32

msvfw32

ws2_32

msvcp60

netapi32

ole32

user32

wtsapi32

oleaut32

advapi32

userenv

winmm

setupapi

gdi32

kernel32

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 496KB

.rodata Size: 12KB - Virtual size: 11KB

.rotext Size: 108KB - Virtual size: 107KB

.rdata Size: 252KB - Virtual size: 249KB

.data Size: 72KB - Virtual size: 514KB

.rsrc Size: 4KB - Virtual size: 368B

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 500KB - Virtual size: 496KB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 108KB - Virtual size: 107KB

.rdata
Size: 252KB - Virtual size: 249KB

.data
Size: 72KB - Virtual size: 514KB

.rsrc
Size: 4KB - Virtual size: 368B

.reloc
Size: 28KB - Virtual size: 25KB