24cb57850ca168b9abb63ec9a7186492

Sharing

Copy URL Twitter E-mail

General

Target

24cb57850ca168b9abb63ec9a7186492
Size

88KB
MD5

24cb57850ca168b9abb63ec9a7186492
SHA1

10fcf420dc5372976fd948b633a0a9dfd537cdb6
SHA256

86219b88750e46596200d1261a619f75dd3339419a26b2830513af66a9e82c2e
SHA512

9e436dd5b2a980db4cfd38542def2d26c318cdfac39bea280330a4febcb84f1cc56f9b087f37c3fd607afea949e74accf146075d7566f77c604b43dde95f431c
SSDEEP

1536:gQI90LAWzrsr7nTnqCufwwTygGx4qW6ouNzTHk:gQI9KAWzrsr7n7Fu/Gx4qW6ouNzTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24cb57850ca168b9abb63ec9a7186492

Files

24cb57850ca168b9abb63ec9a7186492
.dll windows:4 windows x86 arch:x86

2fde23aae5f0e68fa952ca2b1e45d10c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

WriteProcessMemory
VirtualAllocEx
GetWindowsDirectoryA
FreeLibrary
lstrcpyA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
GetCurrentProcess
SetUnhandledExceptionFilter
FreeConsole
SetEvent
CreateEventA
GetCurrentThreadId
WriteFile
VirtualProtectEx
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadProcessMemory
CreateFileA
SetFilePointer
ReadFile
lstrlenA
DeleteFileA
SetLastError
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
OpenProcess
lstrlenW
WideCharToMultiByte
Sleep
WaitForSingleObject
CloseHandle
lstrcatA
HeapAlloc
HeapFree
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
TlsAlloc
TlsFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy

user32

SendMessageA
SetThreadDesktop
OpenDesktopA
FindWindowExA
wsprintfA
PostMessageA
FindWindowA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
CloseDesktop

advapi32

ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString

wininet

InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetOpenA

ws2_32

WSAStartup

Exports

Exports

ServiceMain

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fde23aae5f0e68fa952ca2b1e45d10c

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

ole32

oleaut32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 5KB