4640f0a7d871c43bdb83b39e365da895

Sharing

Copy URL Twitter E-mail

General

Target

4640f0a7d871c43bdb83b39e365da895
Size

143KB
MD5

4640f0a7d871c43bdb83b39e365da895
SHA1

dc6f812d9c60b26743ec7406597c1f4dbad1fa09
SHA256

786e99e2fab905d0b639cd78feb752b683dcb6893de17426e6f11095f09d283c
SHA512

20d221b6d80f633979d9264f37cd280c4c76427b586408a372fc935e701277727c8252842f48366d79502d3ff60b8e2ea5fc673ffa67b6b318fee76bd8572bc4
SSDEEP

3072:qjmx1flE1AvgtjOGMmptV8hZQUBF8h74ZfaJ7H:qjIVNEjjnVG3FYUZfaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4640f0a7d871c43bdb83b39e365da895

Files

4640f0a7d871c43bdb83b39e365da895
.dll windows:5 windows x86 arch:x86

2be2dbf064d3b71d26f35f0429c80189

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
CreateFileW
lstrcmpW
CreateEventW
DeleteCriticalSection
LoadLibraryW
HeapReAlloc
WritePrivateProfileSectionA
GlobalAlloc
GetProcAddress
GetProcessHeap
GetTempPathA
SetHandleCount
VirtualProtect
VirtualFree
GlobalSize
WaitForSingleObject
GetDriveTypeW
WritePrivateProfileSectionW
SetErrorMode
GetNumberFormatW
CreateEventA
LocalFileTimeToFileTime
lstrcpyW
GetComputerNameA
SystemTimeToFileTime
GetModuleHandleA
ExitThread
ReleaseMutex
DeleteFileW
OutputDebugStringW
GetVersionExA
FormatMessageW

msvcrt

_exit
memmove
strerror
rand
_controlfp
_CxxThrowException
wcstok
_onexit
_wcmdln
fprintf
malloc
__setusermatherr
wcsrchr
memset
_wcsnicmp
exit

user32

UnregisterClassW
CopyRect
RegisterWindowMessageW
SetDlgItemInt
DrawTextW
DrawEdge
GetMessageW
IntersectRect
SystemParametersInfoA
GetProcessWindowStation
GetSystemMenu
RegisterClassW
LoadCursorW
MsgWaitForMultipleObjects
FrameRect
SetWindowTextA
CreateDialogParamW
FillRect
PostThreadMessageW
IsWindowEnabled
PostMessageW
DefDlgProcW
wsprintfA
EnableWindow
SendDlgItemMessageW

gdi32

CreateRoundRectRgn
Rectangle
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
GetObjectA
ExtTextOutW
CreateCompatibleBitmap
GetTextMetricsW
SelectPalette
GetTextExtentPointW
RealizePalette
SetStretchBltMode
GetRegionData
CreatePen
StretchBlt
SetTextAlign
SetWindowExtEx
CreateBitmap
MoveToEx

tapi32

lineAddProviderW
tapiRequestMediaCallA
phoneGetLamp
MMCInitialize
lineGetIDW
lineSetAgentMeasurementPeriod
phoneShutdown
lineCompleteCall

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2be2dbf064d3b71d26f35f0429c80189

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 36B

.data Size: 51KB - Virtual size: 51KB

.edata Size: 39KB - Virtual size: 38KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 138B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 36B

.data
Size: 51KB - Virtual size: 51KB

.edata
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 138B