_fuckAllProcesses@8
Static task
static1
Behavioral task
behavioral1
Sample
1b9aba4cc7ae0419c694e0c1435d1001.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1b9aba4cc7ae0419c694e0c1435d1001.dll
Resource
win10v2004-20231222-en
General
-
Target
1b9aba4cc7ae0419c694e0c1435d1001
-
Size
57KB
-
MD5
1b9aba4cc7ae0419c694e0c1435d1001
-
SHA1
89ee956b3e17210d3114b442d3a6f2d69bc9af45
-
SHA256
084f3115985dfecac29f4569a0d86a8570cd90939f2e0b56da1b356dd4e6c47c
-
SHA512
38f3a40509ae22926d7af0987ec84eabbdd99c134aeb37023af654de20b73555b87a920e75e6672315c5a1ff50f35dae51604e0647229720141289c15b2972a4
-
SSDEEP
1536:6bX2ZhG/Jcbf4YxLwJ1QpjGMpmDDh1xxNn:OmUcbf4Y8aZfODh1rV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
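Checks for a missing Authenticode signature; the PE file listed below carries none. On its own this is a weak indicator, since many legitimate binaries are also unsigned, so weigh it together with the import table and section layout in this report.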
resource 1b9aba4cc7ae0419c694e0c1435d1001
Files
-
1b9aba4cc7ae0419c694e0c1435d1001.dll windows:4 windows x86 arch:x86
5bfedcfdfebda39212fa66c3d271c1f0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_adjust_fdiv
_initterm
_onexit
__dllonexit
longjmp
_setjmp3
vsprintf
memmove
_purecall
_strlwr
strncmp
strncpy
atoi
strcmp
isdigit
strcat
strcpy
malloc
strlen
_iob
fprintf
strspn
strcspn
tolower
_strdup
strchr
sscanf
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_splitpath
memset
_itoa
memcpy
memcmp
strstr
strncat
isxdigit
free
isupper
isspace
ispunct
isprint
islower
isgraph
iscntrl
isalpha
isalnum
kernel32
FlushInstructionCache
GetCurrentProcess
GetProcAddress
VirtualProtect
CreateMutexA
WaitForSingleObject
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
LoadLibraryA
GetComputerNameA
GetVolumeInformationA
lstrcpynA
FreeLibrary
VirtualQuery
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetTickCount
TlsSetValue
TlsGetValue
SetEvent
lstrlenA
lstrcatA
lstrcpyA
GetCurrentProcessId
TlsAlloc
TlsFree
GetModuleHandleA
GetModuleFileNameA
IsDebuggerPresent
CreateThread
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
TerminateThread
WaitForMultipleObjects
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetVersionExA
user32
UnhookWindowsHookEx
FindWindowA
SendMessageA
wsprintfA
CharLowerA
CallNextHookEx
SetWindowsHookExA
advapi32
CryptGetHashParam
CryptDeriveKey
CryptGetUserKey
CryptImportKey
CryptEncrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGenKey
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
ws2_32
closesocket
send
WSASend
WSARecv
connect
gethostbyname
inet_ntoa
ntohs
getpeername
WSAGetLastError
recv
wininet
InternetOpenA
HttpQueryInfoA
InternetQueryOptionA
InternetReadFile
HttpSendRequestA
InternetConnectA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
Exports
Exports
Sections
.text Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Shared Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ