409f9fc8362b5567abe96f55c27a6446

Sharing

Copy URL Twitter E-mail

General

Target

409f9fc8362b5567abe96f55c27a6446
Size

48KB
MD5

409f9fc8362b5567abe96f55c27a6446
SHA1

b84c17fa335d31902bb2c6d623b906711693d44d
SHA256

a0df014d7ef8003968ce2858b9116420fddcf9e5e3d6ac2b6435be0cf418f5ef
SHA512

27c8d30410af7aa55e8edb3c9d42bf1c4cb25825bc8f36458401b9394186137d108a60dcd379b91560e668c9286fdeb8d1f2e1346482f29a256f3dde072b6952
SSDEEP

384:/Q81Wr57gE0/91SqV/TE/E+rdNm6L5uEyxysSN2Ze9aZMz15EXW/gmLuPA:4g04rQE+rd94xpC/931+XW/guu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409f9fc8362b5567abe96f55c27a6446

Files

409f9fc8362b5567abe96f55c27a6446
.dll windows:4 windows x86 arch:x86

27f0843ea65caaf5fc15997b5e97c07c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA

user32

GetActiveWindow
GetWindowTextA
GetAsyncKeyState
GetKeyboardState
ToAscii
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
GetMessageA
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
CharToOemA
wsprintfA
IsCharAlphaNumericA
CallNextHookEx

oleaut32

GetErrorInfo

msvcrt

atoi
_snprintf
localtime
fopen
fclose
_purecall
time
fwrite
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
strrchr
difftime
_stricmp
strncpy
__CxxFrameHandler
strstr
??3@YAXPAX@Z
sprintf
_CxxThrowException
??2@YAPAXI@Z
_strnicmp
_strupr

kernel32

GetTempPathA
GetVolumeInformationA
GetSystemDirectoryA
GetTempFileNameA
GetWindowsDirectoryA
GetVersion
CreateProcessA
SetFilePointer
WriteFile
DeleteFileA
GetComputerNameA
GetTickCount
CreateFileMappingA
MapViewOfFile
OpenProcess
Sleep
GetModuleFileNameA
CreateMutexA
GetLastError
CreateThread
TerminateThread
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
CloseHandle
FreeLibrary
HeapFree
LoadLibraryA
GetProcAddress
lstrcmpA
lstrcpynA
lstrlenA
lstrcatA
GetProcessHeap
lstrcpyA
HeapSize
HeapReAlloc
HeapAlloc
LocalFree

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27f0843ea65caaf5fc15997b5e97c07c

Headers

File Characteristics

Imports

wininet

advapi32

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 44KB

idata Size: 4KB - Virtual size: 268B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 44KB

idata
Size: 4KB - Virtual size: 268B

.reloc
Size: 4KB - Virtual size: 2KB