4f3166f52ff6f8da5396caf564493806

General

Target

4f3166f52ff6f8da5396caf564493806
Size

12KB
MD5

4f3166f52ff6f8da5396caf564493806
SHA1

af0e7eabc2700b1c390d74b0fd3da8a9f0cb89ae
SHA256

2279e3595ae1be0af1cdea955e6f6c2b67a279494e863b84a17fe73283ad80ae
SHA512

32d5435d94eecba458605a7048f1ecaab741253dd22a24287cbc19fdaab872d45266b3ecc2368ac10c2ef340d865f1d55847454c9f44f0f87d39e1ef88a4b9a2
SSDEEP

192:oS3oHMYw8G6VGm4MnUkHqA+Q8kdT2mBQayWZBewA1irA+:b4HMYYAGm4cUkHqAKkdTSayABex1i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f3166f52ff6f8da5396caf564493806

Files

4f3166f52ff6f8da5396caf564493806
.dll regsvr32 windows:4 windows x86 arch:x86

ddafa69b94a55b5a9fd456e2572cbfa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

wininet

InternetConnectA
InternetCloseHandle
FtpGetFileA
InternetOpenA
InternetGetConnectedState

mfc42

ord6010
ord5186
ord354
ord5442
ord6385
ord1979
ord665

msvcrt

_stricmp
malloc
free
_onexit
__dllonexit
srand
rand
strcmp
sprintf
strlen
_EH_prolog
__CxxFrameHandler
strcat
memset
strcpy
_initterm
time
_adjust_fdiv

kernel32

GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
CreateRemoteThread
Sleep
FreeLibrary
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
CloseHandle

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMyOnTimeAction
DllRegisterServer
DllUnregisterServer
Dll_JustWorking

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddafa69b94a55b5a9fd456e2572cbfa4

Headers

File Characteristics

Imports

winmm

wininet

mfc42

msvcrt

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 524B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 524B