21e7d4863c03fcc514a0fa8acdc22aca

Sharing

Copy URL Twitter E-mail

General

Target

21e7d4863c03fcc514a0fa8acdc22aca
Size

71KB
MD5

21e7d4863c03fcc514a0fa8acdc22aca
SHA1

dc3403966dd8236accee966cb2475a5f1bfbdcc2
SHA256

708566a8fd13de23c519c31f667ebfc8454984850b7543991de520caebf05795
SHA512

194dd770338f7a6c8a69cacd76f433142ab438c422253fdbd7fe2c5c1e453065c7a9275d1a1b8b09844f781c5df85696fa20e93298cc14f58193fa369828aa6e
SSDEEP

1536:23ltvvFk/hHhEK6m97RR+XAzzlz2JADp6aI/xIw:QjXFithEK6m97SXAYJ3aI/xIw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e7d4863c03fcc514a0fa8acdc22aca

Files

21e7d4863c03fcc514a0fa8acdc22aca
.dll windows:4 windows x86 arch:x86

a662519368ff627333ea0253fc70f857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx
MessageBoxA
GetActiveWindow
GetUserObjectInformationA
EnumChildWindows
SetWindowsHookExW
GetForegroundWindow
OpenWindowStationA
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
wsprintfA
CharUpperA
GetWindowTextA
GetWindowThreadProcessId
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
DispatchMessageA
GetMessageA
DestroyWindow
SendMessageA
CreateDesktopA
IsWindow
PostThreadMessageA
UnhookWindowsHookEx
SetWindowsHookExA
SetThreadDesktop
CallNextHookEx

gdi32

GetDIBits
GetDeviceCaps
CreateDCA
CreateCompatibleDC
SelectObject
DeleteObject
CreateCompatibleBitmap
DeleteDC
BitBlt

advapi32

LookupPrivilegeValueA
OpenProcessToken
ImpersonateSelf
OpenThreadToken
RegCreateKeyExA
ChangeServiceConfigA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryValueExA
CreateServiceA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
EnumServicesStatusA
DeleteService
StartServiceA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
AdjustTokenPrivileges

shell32

SHEmptyRecycleBinA
ShellExecuteA
SHFileOperationA

ole32

CreateStreamOnHGlobal

ws2_32

htons
closesocket
gethostbyname
inet_addr
WSAStartup
WSADuplicateSocketA
WSASocketA
send
recv
select
inet_ntoa
getsockname
ntohs
accept
listen
setsockopt
bind
socket
connect

shlwapi

StrStrA
StrCmpW
StrToIntA
StrCmpNIA
StrRChrA
StrChrA
SHDeleteKeyA

psapi

GetModuleFileNameExA
EnumProcesses

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmGetContext

msvcrt

_initterm
_adjust_fdiv
strchr
strcpy
malloc
wcscmp
free
_EH_prolog
__CxxFrameHandler
abs
_beginthread
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
strstr

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

winmm

waveInClose
waveInStop
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInUnprepareHeader

kernel32

SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
SetFilePointer
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrcatA
OpenEventA
CallNamedPipeA
GetStartupInfoA
GetModuleFileNameA
GetSystemDirectoryA
GetLocalTime
WideCharToMultiByte
lstrlenW
ExitProcess
GetFileAttributesA
CreateThread
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GlobalMemoryStatus
GetComputerNameA
GetSystemInfo
GetOEMCP
DeviceIoControl
CreateProcessA
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetCurrentProcessId
lstrcmpiA
FindFirstFileA
lstrcmpA
FindNextFileA
GetLastError
FindClose
GetFileAttributesExA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
lstrcpyA
MoveFileA
CreateDirectoryA
WriteFile
GetTempPathA
lstrlenA
GetFileSize
DeleteFileA
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
GetCurrentThreadId
SetEvent
Sleep
GetVersionExA
GetVersion
QueryPerformanceCounter
GetACP
QueryPerformanceFrequency
CloseHandle
ReadFile
GetTickCount
GetFileSizeEx
CreateFileA
CreateMutexA
CreateEventA
GlobalFree
ReleaseMutex
ResetEvent
WaitForSingleObject
LoadLibraryA
SetFilePointerEx

Exports

Exports

DoMainWork DoService
DoService
ServiceMain

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a662519368ff627333ea0253fc70f857

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

wininet

imm32

msvcrt

avicap32

winmm

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

Share Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

Share
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB