2b7a7adfd709a4da5ec2854934769e2d

Sharing

Copy URL Twitter E-mail

General

Target

2b7a7adfd709a4da5ec2854934769e2d
Size

132KB
MD5

2b7a7adfd709a4da5ec2854934769e2d
SHA1

2c91557bd8fe4fdb9b8472db16a3f27931841403
SHA256

28cc1b975443f662c1b13948e771a5eb18186be51317b2fd0c3e498c142fafe8
SHA512

87a6994decc8c39e52af8abea84f421ac65dc11eeccf3169b9214bee7e8e9474b7b6850982a74ce236d5b2327967801bae2b10624d4830fb54edb031f4e9f2f0
SSDEEP

1536:p1R4pNTA9yYejzwMxFaP3yKNy6ZzXzibN7MJ4gkIkQZwbUhxxZFCoG1ewli1CUfz:p1R4qej8MxFaJZgSvq3bSZQoG1ewl+L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b7a7adfd709a4da5ec2854934769e2d

Files

2b7a7adfd709a4da5ec2854934769e2d
.dll windows:4 windows x86 arch:x86

d0c23bafd03f249150ae0f0f95219a43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventW
GetModuleHandleW
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
OpenProcess
FreeLibrary
LoadLibraryW
GetModuleFileNameA
ResumeThread
CreateProcessW
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
GetPrivateProfileStringW
OpenFile
ExitProcess
DeleteFileA
GetCurrentThreadId
WriteFile
PeekNamedPipe
GetStartupInfoW
CreatePipe
GetTempPathW
GetWindowsDirectoryW
SetEvent
GlobalMemoryStatus
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
GetExitCodeThread
VirtualFree
GetComputerNameW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetStringTypeW
GetStringTypeA
FindFirstFileW
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualQuery
GetFileSize
CloseHandle
GetVolumeInformationW
TerminateThread
lstrlenW
WideCharToMultiByte
Sleep
GetLastError
CreateThread
lstrcpyW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
FindNextFileW
FindClose
GetDriveTypeW
GetDiskFreeSpaceExW
CreateDirectoryW
MoveFileA
GetSystemDirectoryW
lstrcatW
DeleteFileW
CopyFileW
CreateProcessA
ReadFile
GetACP
SetEndOfFile
InterlockedExchange

user32

DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
LoadCursorW
KillTimer
GetAsyncKeyState
SetTimer
DefWindowProcW
IsWindow
SendMessageW
GetDesktopWindow
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongW
EnumChildWindows
mouse_event
SetCursorPos
keybd_event
LoadIconW
GetSystemMetrics
GetWindowTextA
ReleaseDC
FindWindowExW
GetWindowTextW
ExitWindowsEx
wsprintfW
FindWindowW
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetCursor
IsRectEmpty
GetDC

advapi32

RegOpenKeyExW
DeleteService
ImpersonateSelf
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoInitialize

shell32

SHFileOperationW
ShellExecuteA

oleaut32

VariantClear
VariantInit
SysFreeString

ws2_32.dll

ord8
ord116
ord14
ord15
ord18
ord5
ord19
ord16
ord9
ord115
ord12
ord52
ord3
ord20
ord23
ord11
ord21
ord4

avicap32

capCreateCaptureWindowW
capGetDriverDescriptionW

gdi32

GetStockObject
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject

psapi

GetModuleFileNameExW
EnumProcessModules

wininet

InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

Exports

Exports

DownCtrlAltDel
GetDllModuleControl
StartServer

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BYShell
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0c23bafd03f249150ae0f0f95219a43

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

ws2_32.dll

avicap32

gdi32

psapi

wininet

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 19KB

.BYShell Size: 4KB - Virtual size: 520B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 19KB

.BYShell
Size: 4KB - Virtual size: 520B

.reloc
Size: 12KB - Virtual size: 8KB