396680070268ef73337295968d43f5f6

Sharing

Copy URL Twitter E-mail

General

Target

396680070268ef73337295968d43f5f6
Size

36KB
MD5

396680070268ef73337295968d43f5f6
SHA1

b85c109be8f183d95e0086e9c8aa255ef4039e4f
SHA256

c5563e3f4da464128bd990098494c13be6ea68c59baa5af37fafedacbb6755fa
SHA512

e0e94ce77e3c4d7a1b9f39b5e87e20a373e270d949c24af07429c782b0bf1fd389839600b5bb845c8ba2476553f329f46ad5466888bf1bad19cdcd024189ad73
SSDEEP

384:RlT03p05j240Ze83YspoRc4nkttZeShplUxO1DuDMp7ugMVlst7:RhH5C4QnF4c4nknYShplca7ugMMt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
396680070268ef73337295968d43f5f6

Files

396680070268ef73337295968d43f5f6
.dll windows:4 windows x86 arch:x86

76d2887d2c3e55bb32a5f95514c01c0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetDateFormatA
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVolumeInformationA
GetTickCount
Sleep
GetLastError

msvcrt

atoi
strchr
realloc
_beginthread
??3@YAXPAX@Z
??2@YAPAXI@Z
strncmp
strstr
__CxxFrameHandler
__dllonexit
_onexit
_initterm
_adjust_fdiv
strlen
_snprintf
rand
malloc
free
time
srand
strcat
strcpy
memset

ws2_32

inet_addr
htons
send
setsockopt
closesocket
recv
gethostname
socket
gethostbyname
WSAGetLastError
select
connect
ioctlsocket
inet_ntoa
shutdown
WSAStartup

dnsapi

DnsQuery_A
DnsRecordListFree

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

Exports

Exports

StartProcessAtWinLogon
StopProcessAtWinLogoff

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76d2887d2c3e55bb32a5f95514c01c0a

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

dnsapi

msvcp60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 672B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 672B

.reloc
Size: 4KB - Virtual size: 2KB