207475e8b0189b9baa1b8a8a4eeff0376c2c9d846047ec58bd88931654fadbbd

Sharing

Copy URL Twitter E-mail

General

Target

207475e8b0189b9baa1b8a8a4eeff0376c2c9d846047ec58bd88931654fadbbd
Size

145KB
MD5

25023e629513b32cd50471be77238c73
SHA1

cbe32d95b295d6d4d296592069cac8064e420cea
SHA256

207475e8b0189b9baa1b8a8a4eeff0376c2c9d846047ec58bd88931654fadbbd
SHA512

25969f825c5b002de114142469664d88e225c1a04e2a654109041dbc1f7d9a4dde94ba6c70d2ef4c01d17510a59087bc290f20be11752878f6eee253734a0296
SSDEEP

3072:sf479uHqK5ef2f+6zkTm1EY73QMtDDl7SxPxCLNGCtyudS:o479uKKkOFzkK1jQMtwjCLNGCgGS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
207475e8b0189b9baa1b8a8a4eeff0376c2c9d846047ec58bd88931654fadbbd

Files

207475e8b0189b9baa1b8a8a4eeff0376c2c9d846047ec58bd88931654fadbbd
.dll windows:6 windows x86 arch:x86

e65a9416ceb2efdf636742f357f6682e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetSubMenu
TrackPopupMenu
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
PostMessageA
GetDialogBaseUnits
SetWindowTextA
IsWindowVisible
AppendMenuA
ShowWindow
SetWindowPos
GetClientRect
GetTopWindow
CreateDialogParamA
GetWindowRect
GetSystemMenu
DestroyWindow
ReleaseDC
GetDC
GetParent
GetFocus
EmptyClipboard
SetClipboardData
LoadMenuA
GetWindowLongA
GetDlgItem
GetCursorPos
DestroyMenu
SendMessageA
wsprintfA
MessageBeep
wvsprintfA
CallWindowProcA
EndPaint
GetMessageA
RegisterClassExA
PostQuitMessage
BeginPaint
TranslateMessage
CreateWindowExA
DispatchMessageA
UpdateWindow
GetWindowTextA
MapDialogRect
InvalidateRect
MoveWindow
SetCursor
SetTimer
SendDlgItemMessageA
SetDlgItemTextA
SetForegroundWindow
LoadIconA
SetWindowLongA
MessageBoxA
UnregisterClassA
SetClassLongA
DefWindowProcA
IsWindow
GetSystemMetrics
EnableWindow
FindWindowA
LoadCursorA
DestroyIcon
CheckMenuItem
GetWindow
EndDialog
KillTimer
UnhookWindowsHookEx
SystemParametersInfoA
RegisterClassA
GetClassInfoA
DialogBoxParamA
OpenClipboard
CloseClipboard

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
DragFinish
ShellExecuteA
DragQueryFileA
DragAcceptFiles
Shell_NotifyIconA

gdi32

GetTextExtentPoint32A
LPtoDP

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
ReportEventA
RegSetValueExA
RegisterEventSourceA
DeregisterEventSource

ws2_32

closesocket
getservbyname
socket
bind
recv
sendto
setsockopt
WSASetLastError
listen
htons
htonl
inet_addr
ntohl
recvfrom
inet_ntoa
gethostname
WSAIoctl
send
gethostbyname
WSAAsyncSelect
ntohs
WSAStartup
__WSAFDIsSet
select
ioctlsocket
WSACleanup
WSAGetLastError
connect
WSACreateEvent
WSACancelBlockingCall
WSAIsBlocking
WSAEventSelect
WSACloseEvent
getsockname
accept

comctl32

InitCommonControlsEx

iphlpapi

GetIpNetTable
SendARP
GetAdaptersInfo

kernel32

FindClose
FileTimeToLocalFileTime
WritePrivateProfileStringA
GetPrivateProfileStringA
FormatMessageA
LocalFree
IsProcessorFeaturePresent
EncodePointer
QueryPerformanceCounter
DeleteFileA
SetCurrentDirectoryA
ReleaseSemaphore
CreateSemaphoreA
GetFileAttributesA
GetFileSize
WriteFile
WaitForMultipleObjects
GetSystemTime
GetCurrentDirectoryA
ResetEvent
CreatePipe
SetFileAttributesA
GetStartupInfoW
GetModuleFileNameW
ReadFile
TerminateProcess
CreateProcessW
SetEndOfFile
SetFilePointer
CreateFileA
GetCurrentProcessId
OutputDebugStringA
DeleteCriticalSection
DecodePointer
RaiseException
FindFirstFileA
HeapDestroy
CreateEventA
GetProcessHeap
SetEvent
HeapFree
HeapAlloc
HeapReAlloc
lstrcmpiA
WaitForSingleObject
CreateProcessA
GetFullPathNameA
CloseHandle
ReleaseMutex
CreateMutexA
SetProcessWorkingSetSize
GetCurrentProcess
FindNextFileA
FileTimeToSystemTime
GetDateFormatA
GlobalAlloc
GlobalLock
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TerminateThread
SuspendThread
SetThreadPriority
SetLastError
GetEnvironmentVariableA
SetEnvironmentVariableA
lstrcpyA
GetCurrentThreadId
GetLastError
lstrcatA
Sleep
GetTickCount
lstrcpynA
lstrcmpA
GetLocalTime
lstrlenA
GlobalUnlock
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
IsDebuggerPresent
CreateThread
HeapSize

msvcr120

_beginthread
strchr
malloc
qsort
free
_endthread
strncmp
strstr
atoi
strnlen
bsearch
realloc
strncpy
_localtime64_s
calloc
_wassert
_strdup
_mktime64
??3@YAXPAX@Z
memmove
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_hypot
??2@YAPAXI@Z
swprintf_s
wcsrchr
printf
rand
strcpy_s
srand
fopen
strcat_s
fopen_s
asctime
_localtime64
isdigit
strerror
toupper
_stat64i32
memset
strrchr
memcpy
_crt_debugger_hook
memcmp
__crtUnhandledException
__crtTerminateProcess
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
?terminate@@YAXXZ
__clean_type_info_names_internal
ftell
fseek
fclose
_time64
sprintf
strncat
_purecall
sscanf
_recalloc
memmove_s
_CxxThrowException
__CxxFrameHandler3
sscanf_s
sprintf_s
vsprintf_s

msvcp120

?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??0id@locale@std@@QAE@I@Z

shlwapi

SHDeleteKeyA

Exports

Exports

GetPxeFns

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shareda
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e65a9416ceb2efdf636742f357f6682e

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

gdi32

comdlg32

advapi32

ws2_32

comctl32

iphlpapi

kernel32

msvcr120

msvcp120

shlwapi

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 93KB

.shareda Size: 512B - Virtual size: 4B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 93KB

.shareda
Size: 512B - Virtual size: 4B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 9KB - Virtual size: 9KB