372653111ed17fb76b6b7a8dd244975b

Sharing

Copy URL Twitter E-mail

General

Target

372653111ed17fb76b6b7a8dd244975b
Size

14KB
MD5

372653111ed17fb76b6b7a8dd244975b
SHA1

f63e60fbc5e5b6c02668d79f5c68cbe21efad8cf
SHA256

9e054c947aaaffbf49e62ac07dcd89368fcb0414b977b3756a3ea77880b7caa8
SHA512

35223d09417a8fefe50ceda7ccd39850c218ca3741056b79f6efc06728fa52e4ccea31af7dcc91e4242854c5965b95d45d96d6c4ad7f9504c0a22d988999f59a
SSDEEP

192:wYMUVql4279pCb4VSfCMxjsj7T1hW6fhAEnzdVFJ:wYMztobaSfCD1hPz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
372653111ed17fb76b6b7a8dd244975b

Files

372653111ed17fb76b6b7a8dd244975b
.dll regsvr32 windows:4 windows x86 arch:x86

e248ba88e73adc9a4ad7082d8fa05850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
SendMessageA
OpenClipboard
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetClipboardData
GetClassNameA
FindWindowExA
CloseClipboard
CallNextHookEx
wsprintfA

kernel32

ReadProcessMemory
GlobalUnlock
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
WinExec
SystemTimeToFileTime
CloseHandle
CompareStringA
CreateDirectoryA
CreateFileA
CreateThread
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTickCount
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
ReadFile
LocalAlloc
LocalFree
SetFilePointer

advapi32

GetUserNameA

wsock32

inet_ntoa
socket
inet_addr
htons
gethostbyname
send
recv
closesocket
WSAStartup
connect

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
InternetGetConnectedState

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e248ba88e73adc9a4ad7082d8fa05850

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

wininet

urlmon

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 78KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 78KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB