493da9cc132164330adbc42faff54009

Sharing

Copy URL

Twitter E-mail

General

Target

493da9cc132164330adbc42faff54009
Size

25KB
MD5

493da9cc132164330adbc42faff54009
SHA1

c5eb52fd8c6e2e041dc1d4b7beefdd82d87ea19c
SHA256

75cd192ad6e5e0350243b6a249f55382856c579e2a1457dd48b37f6fae04327d
SHA512

5d8cf106083ff010ab3e6d5593b0c8f10ecb7590c00396b30a5a3df30890f21e6a283d1fabc53241fc7a65e2c470962d369128dff1ad72a6c7586f0b00be6434
SSDEEP

768:0lB+CAU+O752wmGdG4aBBQARQkkAYzDR:1C+OltTG4aBBQAR0AG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
493da9cc132164330adbc42faff54009

Files

493da9cc132164330adbc42faff54009
.dll windows:4 windows x86 arch:x86

c4992cfcf63c4d1b56ca3784690df88c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlZeroMemory
strlen
memcpy
memcmp
strstr

ws2_32

closesocket
gethostname

kernel32

GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TerminateThread
WaitForSingleObject
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
CreateFileA
CreateFileMappingA
GetModuleFileNameA
DeleteFileA
GetExitCodeThread
GetFileSize
GetLastError
GetStartupInfoA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
MapViewOfFile
MoveFileExA
ReadFile
EnterCriticalSection
RtlUnwind
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtectEx
WideCharToMultiByte
WriteFile
lstrcpynA
IsBadReadPtr
DeleteCriticalSection
CreateThread
CloseHandle
CreateProcessA

user32

RegisterWindowMessageA
SendMessageA
SetTimer
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowThreadProcessId
FindWindowA
CallNextHookEx
wsprintfA
KillTimer

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
AdjustTokenPrivileges

ole32

StringFromGUID2

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4992cfcf63c4d1b56ca3784690df88c

Headers

File Characteristics

Imports

ntdll

ws2_32

kernel32

user32

advapi32

ole32

Sections

.text Size: 18KB - Virtual size: 18KB

.bss Size: - Virtual size: 8B

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 630B

.text
Size: 18KB - Virtual size: 18KB

.bss
Size: - Virtual size: 8B

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 630B