244fcb71c16ab8163f25c633dcb91b1c

Sharing

Copy URL

Twitter E-mail

General

Target

244fcb71c16ab8163f25c633dcb91b1c
Size

355KB
MD5

244fcb71c16ab8163f25c633dcb91b1c
SHA1

cf0256c44be6b311558358bb00f9ec257ec90236
SHA256

48589e8612584c5b67c325367e53b63379dbf984a0a0dc905bd29fd3f7fd6c03
SHA512

8768bcda747665ef22c4ca8208c43ade6397f7792a6b32a8ce37f7630513a684b7c3ab69620d5a74350f00e74ba72393f6ba08cec988172d5e0552161814d5cb
SSDEEP

6144:BstpyZ+ANKFOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbAmOOmljdLGeZOGH7Cu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

244fcb71c16ab8163f25c633dcb91b1c

resource
244fcb71c16ab8163f25c633dcb91b1c

Files

244fcb71c16ab8163f25c633dcb91b1c
.dll windows:6 windows x86 arch:x86

81dcae87737005169c62f2a77494413a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
CreateProcessA
GetEnvironmentVariableA
RemoveDirectoryA
GetDiskFreeSpaceA
GetModuleFileNameA
VirtualProtect
GetCurrentDirectoryA
GetCurrentThreadId
GetTempPathA
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CloseHandle
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
HeapSize
GetModuleFileNameW
WriteFile
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetProcessHeap
ExitProcess
GetModuleHandleExW

user32

GetMessagePos
CheckMenuItem
FindWindowA
UpdateWindow
LoadImageA
DispatchMessageA
ShowWindow
EnumChildWindows
CheckMenuRadioItem
GetAsyncKeyState
GetWindowTextW
GetDC
DrawIcon
IsWindowEnabled
GetClassNameA

ole32

OleUninitialize
OleInitialize
OleSetContainedObject
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance

dhcpcsvc

DhcpRequestParams
DhcpCApiInitialize
DhcpRegisterParamChange
DhcpCApiCleanup
DhcpUndoRequestParams
DhcpRemoveDNSRegistrations

Exports

Exports

Behind
Factpresent
Steadunder

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81dcae87737005169c62f2a77494413a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

dhcpcsvc

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 7KB - Virtual size: 614KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 7KB - Virtual size: 614KB

.reloc
Size: 9KB - Virtual size: 8KB