3adce91c7bdd037991855f8f3ff6446e

Sharing

Copy URL Twitter E-mail

General

Target

3adce91c7bdd037991855f8f3ff6446e
Size

44KB
MD5

3adce91c7bdd037991855f8f3ff6446e
SHA1

5a28d8252965b09c303eeae0df256263410797e1
SHA256

d3d6ccb7fa9066214d930cd1be49a488df25020b817e18aecbf9885eb9581a7c
SHA512

aa79eab6e9afb8f522c93259ab72e083d874879b7d431eaf0e2cab37a2dfb6f00aeea982bf03c90c9e073df29de427a4162388002300fecb665b1d9537142e4c
SSDEEP

768:A4zBdsluj42UQVDb9HBReuYUrapvNDeuY4/pIfptVWUYfX0XiVjgL:9zBdslj2Rtc1aUhY1W97S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3adce91c7bdd037991855f8f3ff6446e

Files

3adce91c7bdd037991855f8f3ff6446e
.dll windows:4 windows x86 arch:x86

62cb643f93fa178788f5a0efcf4322f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

psapi

GetModuleFileNameExA

avicap32

capCreateCaptureWindowA

imm32

ImmGetContext

winmm

waveInStop

msvcrt

free

shell32

ShellExecuteA

user32

IsWindow

shlwapi

StrCmpW

gdi32

BitBlt

advapi32

RegCloseKey

ole32

CreateStreamOnHGlobal

ws2_32

listen

Exports

Exports

guocyok888
DoService
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guoc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62cb643f93fa178788f5a0efcf4322f4

Headers

File Characteristics

Imports

kernel32

psapi

avicap32

imm32

winmm

msvcrt

shell32

user32

shlwapi

gdi32

advapi32

ole32

ws2_32

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 67KB

.guocy Size: 1024B - Virtual size: 7KB

.guoc Size: 1024B - Virtual size: 1KB

guocy Size: - Virtual size: 4KB

.guocy Size: 3KB - Virtual size: 3KB

.MaskPE Size: 2KB - Virtual size: 3KB

.guocyok Size: 2KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 67KB

.guocy
Size: 1024B - Virtual size: 7KB

.guoc
Size: 1024B - Virtual size: 1KB

guocy
Size: - Virtual size: 4KB

.guocy
Size: 3KB - Virtual size: 3KB

.MaskPE
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 2KB - Virtual size: 4KB