2b7112a04a5c6b8a25c129b1a79d2f43

Sharing

Copy URL Twitter E-mail

General

Target

2b7112a04a5c6b8a25c129b1a79d2f43
Size

78KB
MD5

2b7112a04a5c6b8a25c129b1a79d2f43
SHA1

7d3a8bd5f3769018aa95be0cdd376e9d6bd5b9e8
SHA256

eae53d7146f3f2ea668d410911c5be4fa2be2c0b4b8911a63474f7ac3731e816
SHA512

2bf823fdcf434edec62fb8f45c5e58b19c069a523654f751de379de3652c7e46d21a066ad2d66fcb5e2ca4f2c83ddbe024d4dd074f4c5d4749b22cd39400cbd6
SSDEEP

1536:giWV/l/fHG+3n501FFfBmmjMfqrXBE2Ie:Vot//TXO1XfBm+QqTW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b7112a04a5c6b8a25c129b1a79d2f43

Files

2b7112a04a5c6b8a25c129b1a79d2f43
.dll windows:4 windows x86 arch:x86

1a9dd0ea517789caa3a999eeda4452d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
CreateDirectoryA
DeviceIoControl
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetModuleHandleA
LoadLibraryA
VirtualQuery
GetProcAddress
GetFileSize
GlobalFree
GlobalReAlloc
GlobalAlloc
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
FreeLibrary
CreateMutexA
TerminateThread
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
ResumeThread
ExitProcess
Process32Next
Sleep
IsBadReadPtr
VirtualQueryEx
OpenProcess
Process32First
HeapAlloc
GetProcessHeap
GetLastError
OutputDebugStringA
GetSystemDirectoryA
OpenMutexA
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
ReadProcessMemory
EnterCriticalSection
WinExec
GetTempFileNameA
GetPrivateProfileStringA
MoveFileA
GetTempPathA
GetFileAttributesA
CreateFileA
GetTickCount
WriteFile
CloseHandle
ReadFile
SetFilePointer
DeleteFileA
GetModuleFileNameA
GetFileAttributesW
CreateThread

user32

SetFocus
FindWindowA
SendMessageA
IsWindow
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
GetWindowTextA
wvsprintfA
GetWindowTextW
wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SetWindowTextA
IsWindowVisible
GetDlgCtrlID
GetParent
GetWindowLongA
GetFocus
SetWindowLongA
GetKeyState
GetForegroundWindow
EnumThreadWindows
GetClassNameA
FindWindowExA
GetWindow

gdi32

CreateFontA

advapi32

RegCloseKey
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceA
QueryServiceStatus
ControlService

wininet

InternetCloseHandle
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetOpenA
FtpPutFileA

shlwapi

PathFileExistsA

msvcrt

_onexit
_initterm
__dllonexit
_adjust_fdiv
free
wcsncpy
wcslen
wcsstr
??2@YAPAXI@Z
wcsncat
wcscpy
_itoa
_stricmp
_strcmpi
strncmp
__CxxFrameHandler
malloc
memmove
strncpy
sprintf
??3@YAXPAX@Z
strstr
strchr
_except_handler3
strncat
atol
strrchr
atoi
_beginthread

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

ws2_32

connect
inet_ntoa
WSARecv
getpeername
htons
WSAGetLastError
closesocket

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a9dd0ea517789caa3a999eeda4452d0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

shlwapi

msvcrt

msvcp60

ws2_32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 6KB - Virtual size: 6KB