3725fcd5d9c6794d878e7e1aaefc1f6b

Sharing

Copy URL Twitter E-mail

General

Target

3725fcd5d9c6794d878e7e1aaefc1f6b
Size

34KB
MD5

3725fcd5d9c6794d878e7e1aaefc1f6b
SHA1

a1db868f1309b04b009b82c33a755b9859465dba
SHA256

71f610d4ae5765723117d5a019b72335ac2187714001266c71dbeca003cfa13a
SHA512

8b10fdf22a6b8dee17044bb9ec771d250bacbec252bef86a0f208b081a325bb166309a6f9875cc2b4c5ec2db6f68026d279283950b755df718fc3f709da7c730
SSDEEP

384:OKMOA4adiivDFLljR0gyO+tfkUbrkDu4BhtbCtdqYGorCTQylLPr9HOOXbnCiEfI:OKMVv5lh+1f2hBhVCbcTQGOWnCiEg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3725fcd5d9c6794d878e7e1aaefc1f6b

Files

3725fcd5d9c6794d878e7e1aaefc1f6b
.dll windows:4 windows x86 arch:x86

116a0a71ecd1dfb7ba5079d90c7b4a28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalAlloc
GetTempPathA
Process32Next
Process32First
CreateToolhelp32Snapshot
WritePrivateProfileStringA
CreateThread
GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
GetModuleHandleA
CopyFileA
SetFileAttributesA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
CreateFileA
ReadFile
GetFileSize
CloseHandle
GetTickCount
lstrcmpiA
lstrcpynA
lstrlenA
lstrcmpA
lstrcpyA
Sleep
ExitProcess
GetSystemDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
IsBadReadPtr
OutputDebugStringA

user32

UnhookWindowsHookEx
SetWindowsHookExA
EnumWindows
GetSystemMetrics
GetWindowTextA
ReleaseDC
GetDC
IsRectEmpty
PostThreadMessageA
FindWindowExA
FindWindowA
PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
GetActiveWindow
IsIconic
GetWindowThreadProcessId
CallNextHookEx

gdi32

GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

wininet

HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile

gdiplus

GdipCloneImage
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown

netapi32

Netbios

msvcrt

strstr
free
malloc
atoi
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
memmove
sprintf
strncmp
sscanf
strrchr

Exports

Exports

InstallService
wdof
wdon

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

116a0a71ecd1dfb7ba5079d90c7b4a28

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB