4fe8d7a5a6ddcbc4b0278f2fe9612268

Sharing

Copy URL Twitter E-mail

General

Target

4fe8d7a5a6ddcbc4b0278f2fe9612268
Size

20KB
MD5

4fe8d7a5a6ddcbc4b0278f2fe9612268
SHA1

f7b20c6848aeb228f6f4b9d9369c27cd76b4cf91
SHA256

6df4e24cdaa02b08f1f31ec81d7d508d214666ff4b5df6ff3ecbb50a75eabd88
SHA512

52bd671bf332d0a8029675042334a79ba46cbcafb36671b38eccacbef168361733140b77edc0d55378a44f7b4ee48c8409e5efc0b8735bd96331732a9347993a
SSDEEP

384:+SjzU4XB7rX/wcGtEqxbXcWS/PSqYvTdvDOPGqdS6kt2W:hfXBPIcupxS/aqYrdvDOJqp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fe8d7a5a6ddcbc4b0278f2fe9612268

Files

4fe8d7a5a6ddcbc4b0278f2fe9612268
.dll windows:4 windows x86 arch:x86

ed80bd2d1980b12a8487552bb8319a58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_addr
gethostbyname
recv
closesocket
inet_ntoa
WSAStartup
ioctlsocket
htons
socket
connect
WSACleanup
send

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ShowWindow
SetFocus
SetForegroundWindow
VkKeyScanA
wsprintfA
BlockInput
keybd_event

advapi32

EnumServicesStatusA
CloseServiceHandle
OpenProcessToken
ImpersonateLoggedOnUser
OpenSCManagerA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcr80

rand
srand
strstr
strncpy
_time64
malloc
fclose
fwrite
fopen
strtok
atoi
_encode_pointer
_malloc_crt
_encoded_null
free
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__CxxFrameHandler3
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
sprintf

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DisableThreadLibraryCalls
GetCurrentThreadId
GetLocaleInfoA
CreateThread
CreateProcessA
LoadLibraryA
GetProcAddress
lstrlenA
lstrcpyA
lstrcmpA
lstrcpynA
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
CreateMutexA
GetLastError
CloseHandle
OpenProcess
lstrcmpiA
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetTickCount
GlobalUnlock
Sleep
InterlockedDecrement

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed80bd2d1980b12a8487552bb8319a58

Headers

File Characteristics

Imports

wsock32

user32

advapi32

wininet

msvcr80

ole32

oleaut32

psapi

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 1KB - Virtual size: 1KB