22bce68ec7a42810663ed4d876325f17

Sharing

Copy URL

Twitter E-mail

General

Target

22bce68ec7a42810663ed4d876325f17
Size

71KB
MD5

22bce68ec7a42810663ed4d876325f17
SHA1

1d384365de19e8dbcc0fe7221f4982b3b9638fb2
SHA256

772a126e3a17a7fb43ef6edc174dfd0ab3f3b863c5e8e71aeb23bfa8ae31bff1
SHA512

c23ed26e0bdd4a759395d75ac438e474727a5c1bddb15400108847b52c1bb45dcccfbedb9e9de9c4f7c102bb3009e46ac2fa686ed096565d0473eed5a9218598
SSDEEP

768:B2nAH4v9ae83yFKRbkhGnIvynN53fmm8aIkIl0vM/JUDIJ6AKPeD4:k8dSO3+m8Xk5vEGD8DKM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22bce68ec7a42810663ed4d876325f17

Files

22bce68ec7a42810663ed4d876325f17
.dll windows:1 windows x86 arch:x86

9e57202f4ebce8928c8f5ae612c9d19b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

ws2_32

ntohs
WSACleanup
inet_addr
htons
getsockname
socket
gethostname
gethostbyname
shutdown
connect
closesocket
__WSAFDIsSet
WSAStartup
send
select
WSAGetLastError
recv

msvcrt

_ctype
_ftol
_sleep
atoi
atol
fclose
free
malloc
memcmp
memcpy
memset
printf
raise
rand
setbuf
sprintf
srand
strcat
strcmp
strcpy
strncmp
strncpy
strstr
time
_beginthreadex

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpQueryInfoA

kernel32

DeleteFileA
DisconnectNamedPipe
DuplicateHandle
ExitProcess
ExitThread
FindFirstFileA
GetCurrentProcess
GetEnvironmentStringsA
GetFileInformationByHandle
GetFileSize
GetFileTime
GetLastError
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
CloseHandle
GetVersionExA
GetWindowsDirectoryA
LoadLibraryA
OpenProcess
PeekNamedPipe
ReadFile
RtlUnwind
RtlZeroMemory
CreateFileA
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
TerminateProcess
TerminateThread
VirtualAlloc
VirtualAllocEx
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WinExec
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
CreatePipe
CreateProcessA
CreateThread

advapi32

LookupPrivilegeValueA
CloseServiceHandle
ControlService
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
StartServiceA
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shlwapi

StrStrIA

crtdll

_fdopen
_itoa
_open_osfhandle
_stricmp
_strnicmp
_cexit
pow

Exports

Exports

_ThreadEntry@4

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 136B - Virtual size: 136B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e57202f4ebce8928c8f5ae612c9d19b

Headers

File Characteristics

Imports

psapi

ws2_32

msvcrt

wininet

kernel32

advapi32

shlwapi

crtdll

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.bss Size: - Virtual size: 1KB

.rdata Size: 84B - Virtual size: 84B

.data Size: 32KB - Virtual size: 32KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.edata Size: 136B - Virtual size: 136B

.text
Size: 29KB - Virtual size: 29KB

.bss
Size: - Virtual size: 1KB

.rdata
Size: 84B - Virtual size: 84B

.data
Size: 32KB - Virtual size: 32KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.edata
Size: 136B - Virtual size: 136B