22bfda0e0776aa6bb6e18b68b59dcb9d

Sharing

Copy URL Twitter E-mail

General

Target

22bfda0e0776aa6bb6e18b68b59dcb9d
Size

31KB
MD5

22bfda0e0776aa6bb6e18b68b59dcb9d
SHA1

25abe5fe33aa588e0e9e9b3ceb44f669d1ca553f
SHA256

9f77e5eeb48444fecb9dd7b735ba40cf84186720e2925a3a98d43b75b2fe38c0
SHA512

ad11058b9d89f81b985e8d2d60bcbb251912569f3f762d5c600bbad7e5fd033ad9c45650c777fcb4d8141d74e21642ef942f667bc73524e84c5e5869209bfe22
SSDEEP

768:DALphDsCEcas48jO62+qyxrne2E+BsTwbOf:DqTkUE+qernEesTsOf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22bfda0e0776aa6bb6e18b68b59dcb9d

Files

22bfda0e0776aa6bb6e18b68b59dcb9d
.dll windows:4 windows x86 arch:x86

cfe0cde2e265086d0b76821f6ee5dac5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
lstrlenA
ReadFile
WriteFile
GetTickCount
CreateFileA
SetLastError
SetFilePointer
CloseHandle
GetFileSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
SetFileTime
DeleteFileA
MultiByteToWideChar
lstrcatA
HeapDestroy
FindClose
FindNextFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SystemTimeToTzSpecificLocalTime
GetSystemTime
HeapFree
FindFirstFileA
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetDriveTypeA
GetLogicalDriveStringsA
SetEndOfFile
Sleep
ReleaseMutex
CreateMutexA
TerminateThread
SystemTimeToFileTime
SetCurrentDirectoryA
GetSystemDirectoryA
lstrcmpA
HeapSize
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateProcessA
TerminateProcess
OpenProcess
lstrlenW
LocalFree
CreateThread
HeapCreate
InitializeCriticalSection
GetLastError
LoadLibraryA
WaitForSingleObject
FreeLibrary
DeleteCriticalSection
GetCurrentProcess
GetModuleHandleA
GetProcAddress
FileTimeToSystemTime

user32

wvsprintfA
CharUpperA

advapi32

AdjustTokenPrivileges
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA

ole32

CoInitialize
CoTaskMemFree

ws2_32

htons
connect
closesocket
socket
send
gethostbyname
inet_ntoa
WSAStartup
WSACleanup
recv
inet_addr
WSAGetLastError

shlwapi

StrDupA
StrToIntExA
StrToIntA

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

msvcrt

malloc
_initterm
free
isalpha
strstr
strcpy
strcat
vsprintf
_local_unwind2
_except_handler3
_adjust_fdiv
strcmp
abs
_EH_prolog
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
memmove
memcpy
srand
memcmp
atoi
memset
strchr
rand

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfe0cde2e265086d0b76821f6ee5dac5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ws2_32

shlwapi

mpr

msvcrt

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB