402c6d430590537a0f1bc8e61d0cf310

General

Target

402c6d430590537a0f1bc8e61d0cf310
Size

53KB
MD5

402c6d430590537a0f1bc8e61d0cf310
SHA1

3ccf37f4c1e636eb180c827bdf270e53d4651cb0
SHA256

e1b41d61a64c8836f6052ecfe9e18eb340e4ce709cde38473ff5be6b0e07d646
SHA512

fd4f2317e616730bf4e734e6c3b855d16a49dd2d9056a8e17429d3174e567a1de00d2fe59b3903fc6298788e8671173e1eeff1c082f1bb24ef6cbda77972f572
SSDEEP

1536:0+r5ZxzFnToIf9Wjd3jw1zXs/M48yYcmZV7:0+r5ZxztTBf92SmM48yYcmZB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
402c6d430590537a0f1bc8e61d0cf310

Files

402c6d430590537a0f1bc8e61d0cf310
.dll windows:4 windows x86 arch:x86

3a71d18a0efc486892759ab5674aab11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
CloseHandle
CreateProcessA
CopyFileA
MoveFileA
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
WinExec
Sleep
SetLastError
lstrlenA
Process32Next
GetPriorityClass
OpenProcess
Module32First
Process32First
CreateToolhelp32Snapshot
TerminateProcess
FindNextFileA
ReadFile
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
lstrcpyA
WaitForSingleObject
CreateThread
lstrcpynA
MoveFileExA
GetModuleFileNameA
GetTickCount
SetThreadPriority
GetCurrentThread
GetFileSize
CreateFileA
WriteFile
FreeConsole
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
InterlockedExchange
RaiseException
LocalAlloc
FindClose
GetCurrentThreadId
GetDriveTypeA

msvcrt

??3@YAXPAX@Z
strncat
atoi
strcspn
strstr
_ftol
wcstombs
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
_except_handler3
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
sprintf
strncpy
_strlwr

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

Exports

Exports

MyDllRun
ServiceMain
XieZaiDLL
run

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a71d18a0efc486892759ab5674aab11

Headers

File Characteristics

Imports

kernel32

msvcrt

avicap32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB