48edd6634686fd9e1a57163c0877612d

Sharing

Copy URL

Twitter E-mail

General

Target

48edd6634686fd9e1a57163c0877612d
Size

208KB
MD5

48edd6634686fd9e1a57163c0877612d
SHA1

d046707b7ba1ffb00791200acd6899d6941b83ad
SHA256

991a336d2abec8a1461628d9dc6c6abe66715c801da81c4af65c0d4cc649ae2f
SHA512

dd2927f1d4312d552da8358b2df822c54f0dea08e50b79ad851a5e8bb510616eeada09eb2c6ad36c65b5e9ca69f72918e780fb2daea6468fc0f8ee420c1b788d
SSDEEP

3072:It/vUN/6yqyHild3MPn2QVWaIukoIem1kxA09T:It/I/6yqkYDoIem14A09T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48edd6634686fd9e1a57163c0877612d

Files

48edd6634686fd9e1a57163c0877612d
.dll windows:4 windows x86 arch:x86

d76b31ee6098d4eb19f315669f78f8e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
CreateEventA
CloseHandle
SetEvent
DeleteFileA
CreateFileA
ResetEvent
GetLastError
LocalAlloc
MultiByteToWideChar
CreateMutexA
LocalFree
InterlockedDecrement
lstrlenA
GetCurrentThreadId
CreateThread
WaitForSingleObject
GetTickCount
Sleep
GetCurrentProcess
OutputDebugStringA

user32

EnableWindow
PostThreadMessageA
GetWindowRect
PeekMessageA
GetMessageA
DispatchMessageA
TranslateMessage

advapi32

AdjustTokenPrivileges
RegSetValueExA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
CloseServiceHandle
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize
CoUninitialize
CoInitializeEx
OleInitialize

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile

mfc42

ord6467
ord1578
ord600
ord826
ord269
ord1176
ord1243
ord1168
ord1575
ord6514
ord6478
ord4432
ord6691
ord6614
ord800
ord825
ord823
ord6735
ord4047
ord539
ord535
ord540
ord465
ord466
ord2241
ord1601
ord537
ord861
ord4277
ord2764
ord858
ord4278
ord6663
ord4202
ord926
ord860
ord2086
ord1238
ord6597
ord6800
ord2446
ord6880
ord795
ord6241
ord6453
ord2379
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord567
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord4710
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5281
ord3748
ord1725
ord5260

msvcrt

_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
??0exception@@QAE@ABV0@@Z
atof
_CxxThrowException
atol
strstr
tolower
toupper
strncpy
strcpy
fopen
fclose
fwrite
fflush
_mbsnbicmp
strcmp
memcpy
strlen
sprintf
srand
rand
time
atoi
_mbscmp
_purecall
memset
__CxxFrameHandler

msvcp60

??0_Lockit@std@@QAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

Exports

Exports

doMyAction
getVersion

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d76b31ee6098d4eb19f315669f78f8e4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

mfc42

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 192B

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 192B

.reloc
Size: 16KB - Virtual size: 12KB