37fe6520d9afbce0b5c85a5b9dcc5aa8

Sharing

Copy URL Twitter E-mail

General

Target

37fe6520d9afbce0b5c85a5b9dcc5aa8
Size

132KB
MD5

37fe6520d9afbce0b5c85a5b9dcc5aa8
SHA1

09f32ab8733a97dca94983b2ba2af0cf44f9a458
SHA256

36941b2ecbbba0498a5085c83ca48efe21154b4ccdbea4621ef2c202428c1240
SHA512

3d6ea574922f6e3415b3ad9b0636c1e20ddfadd71d609a3239081bf0c1f3ef066ee3574e1ff01b9ae2c0b7b7f2acf92ea7409a2af702a759f26c70d938a276ac
SSDEEP

3072:uJc6LNsWcf9T8IfgXQIUTX8Z46TBfCKbNnqEbWaT:MrLNUfF8yDS46TBqoNndT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37fe6520d9afbce0b5c85a5b9dcc5aa8

Files

37fe6520d9afbce0b5c85a5b9dcc5aa8
.dll windows:4 windows x86 arch:x86

ded2aed171cf58e52ad710ea00feda97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_snprintf
strlen
_strnicmp
strstr
_stricmp
memcmp
atoi
_itoa
memcpy
_ultoa
tolower
memset
_chkstk
_allmul
_alldiv

msvcrt

strtok

ws2_32

closesocket
WSASocketW
listen
WSASend
WSAGetLastError
WSAWaitForMultipleEvents
WSAIoctl
setsockopt
WSARecv
shutdown
WSAGetOverlappedResult
WSAStartup
ntohl
WSASetLastError
getsockname
ntohs
WSACreateEvent
bind

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetConnectA
InternetSetOptionA
HttpAddRequestHeadersA

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsA

kernel32

WaitForMultipleObjects
GetVolumeInformationA
GetWindowsDirectoryA
GetFileTime
GetVersionExA
FindClose
RemoveDirectoryA
TransactNamedPipe
HeapSetInformation
HeapCreate
FindFirstFileA
HeapDestroy
HeapFree
WaitNamedPipeA
FindNextFileA
SetNamedPipeHandleState
HeapAlloc
GetSystemDirectoryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
ExitProcess
GetFileAttributesExA
SetFileAttributesA
CreateDirectoryA
InterlockedExchange
CreateEventA
TlsSetValue
TlsGetValue
TlsAlloc
ProcessIdToSessionId
Process32Next
Process32First
WriteProcessMemory
VirtualAllocEx
Thread32Next
GetModuleHandleA
Thread32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetProcAddress
CloseHandle
OpenThread
GetCurrentProcessId
GetFileSize
lstrcpyA
ReadFile
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
lstrcatA
GetLocalTime
WaitForSingleObject
OpenMutexA
InterlockedCompareExchange
lstrlenA
CreateMutexA
SetEvent
TerminateThread
Sleep
OutputDebugStringA
DuplicateHandle
GetExitCodeThread
FlushFileBuffers
ReleaseMutex
OpenEventA
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCurrentThread
VirtualFree
GetLastError
GetFileInformationByHandle
SystemTimeToFileTime
lstrcmpiA
GetSystemTime
GetCurrentProcess
WriteFile
EnterCriticalSection
CreateFileA
CreateThread
VirtualFreeEx
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
PeekNamedPipe
lstrcmpA
SetFilePointer
SetEndOfFile
GetTempFileNameA
DeleteCriticalSection
GetTempPathA
VirtualQuery
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualProtect
FlushInstructionCache
SetLastError
lstrcmpW
MultiByteToWideChar
DeleteFileA
CreateProcessA
GetTickCount
GetFileAttributesA
LoadLibraryA
CreateRemoteThread
OpenProcess

user32

SetForegroundWindow
ShowWindow
PeekMessageA
WaitForInputIdle
MsgWaitForMultipleObjects
GetSystemMetrics
wsprintfA
DispatchMessageA

advapi32

OpenSCManagerA
CloseServiceHandle
OpenServiceA
ControlService
ChangeServiceConfigA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DllGetClassObject
EventStartup

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ded2aed171cf58e52ad710ea00feda97

Headers

File Characteristics

Imports

ntdll

msvcrt

ws2_32

wininet

oleaut32

shlwapi

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 6KB