28f93d9a3b1a7f2820e808d5d6188b32

Sharing

Copy URL

Twitter E-mail

General

Target

28f93d9a3b1a7f2820e808d5d6188b32
Size

231KB
MD5

28f93d9a3b1a7f2820e808d5d6188b32
SHA1

e939470d4e7bf3ef57004acfce38e8eef9556e18
SHA256

78bc259da4a7259a8947ecef27931e9d1b97e0a2aafb6c36ea5a0e694b666aa8
SHA512

0be547ae410616a93a73047ec3dad9af0d8444e1ce136ec6f38f9c6ef759ae5e3d1a76c414b809e4d0d5ee3e1ba71440e6375b9616442a2f6412fe1ecc44e3e5
SSDEEP

3072:6K3VtzgoxXDrdGPXQquxy0R5+cGVjd2pgN/VVM6PBI6TRSlCucJ9gCvy/vxTGyNO:V/kPGk2+Zx/BIqAXLCaHxBN9ky

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f93d9a3b1a7f2820e808d5d6188b32

Files

28f93d9a3b1a7f2820e808d5d6188b32
.dll windows:4 windows x86 arch:x86

32ca2919bcf18cf76192debaae7b2509

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord859
ord6877
ord2764
ord940
ord5683
ord2393
ord922
ord4129
ord665
ord941
ord939
ord354
ord923
ord2820
ord654
ord668
ord2770
ord924
ord356
ord341
ord773
ord501
ord1083
ord5607
ord2762
ord3346
ord3811
ord6928
ord6930
ord2781
ord926
ord5651
ord3127
ord3616
ord5442
ord3318
ord5186
ord350
ord3663
ord5572
ord2915
ord1832
ord3126
ord349
ord550
ord5645
ord5583
ord3701
ord500
ord772
ord5860
ord6142
ord5440
ord6383
ord5450
ord6394
ord1833
ord2917
ord1979
ord2803
ord958
ord6312
ord4177
ord6385
ord6010
ord5773
ord2601
ord3180
ord3183
ord3176
ord3507
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord860
ord2614
ord540
ord535
ord2818
ord823
ord1099
ord537
ord858
ord800
ord6153
ord825

msvcrt

memmove
calloc
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CxxThrowException
_mbscoll
_getcwd
_chdir
_mbscmp
_splitpath
malloc
atoi
_stricmp
_CIpow
_ftol
strchr
sprintf
strncpy
strncat
wcstombs
__CxxFrameHandler
_itoa
realloc

kernel32

lstrlenA
WideCharToMultiByte
VirtualFree
OutputDebugStringA
GetModuleFileNameA
CreateDirectoryA
MultiByteToWideChar
SetFileAttributesA
GetDriveTypeA
SetVolumeLabelA
GetDiskFreeSpaceA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DisableThreadLibraryCalls
VirtualAlloc

user32

OemToCharBuffA
SendMessageA
CharToOemBuffA

ole32

StgOpenStorage

oleaut32

SysFreeString
SysAllocStringLen

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetQueryDataAvailable

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

getStringToMsOffice

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32ca2919bcf18cf76192debaae7b2509

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ole32

oleaut32

wininet

version

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 44KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 44KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB