500f98b2b0b6ce591b0ca721d9c2f080

Sharing

Copy URL

Twitter E-mail

General

Target

500f98b2b0b6ce591b0ca721d9c2f080
Size

29KB
MD5

500f98b2b0b6ce591b0ca721d9c2f080
SHA1

cd61d18fb629eb1b61e926b58dd0f0352d7226da
SHA256

516ba2cf2fcfda2884e2f5cb6c8d9ec613a7b55a6210c9d600a6bfeff5597be2
SHA512

fbc318edb5852d50b0d879c6da6dae9c044bb34d80bd77e530ae30cb1520d43da7535eaefee11931f7bf14bdbbb43ce378bcbf07d926294ef1eed4739e94aace
SSDEEP

384:Z4wvd53RrrGBYZ+9HDaKppd4ClNK7yxI3zPv/42ybhxNzAVmg4K+KWEcxrzLW6W5:Sw1NZaxdPjKOxEzH/Xyb/pzjEMrzp8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
500f98b2b0b6ce591b0ca721d9c2f080

Files

500f98b2b0b6ce591b0ca721d9c2f080
.dll windows:4 windows x86 arch:x86

17390e48654cd11c641ea30919b83dea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
CloseHandle
lstrlenW
lstrlenA
lstrcpynA
lstrcpyW
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WinExec
WideCharToMultiByte
VirtualProtect
TerminateThread
Sleep
SetFilePointer
ReadFile
MultiByteToWideChar
LocalFree
LocalAlloc
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
GetProcAddress
GetModuleFileNameA
GetFileSize
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FindAtomA
CreateFileA
CreateProcessA
CreateThread
DeleteAtom
DeleteFileA
ExitProcess
ExitThread
AddAtomA

ole32

CreateStreamOnHGlobal

gdi32

CreateBitmap
SetBkMode
SetBkColor
SelectObject
GetObjectA
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontA
CreateCompatibleDC
BitBlt

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

user32

GetDesktopWindow
GetForegroundWindow
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IsWindow
IsWindowVisible
OpenClipboard
ReleaseDC
GetClipboardData
SetWindowLongA
keybd_event
GetClientRect
GetClassNameA
CloseClipboard
CreateWindowExA
DrawTextA
EnumChildWindows
EnumWindows
ExitWindowsEx
SendMessageA
FillRect

wininet

InternetReadFile
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA

shlwapi

PathIsDirectoryA

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreA
PFXExportCertStoreEx
CertAddCertificateContextToStore

Exports

Exports

s

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17390e48654cd11c641ea30919b83dea

Headers

File Characteristics

Imports

kernel32

ole32

gdi32

advapi32

user32

wininet

shlwapi

crypt32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 116KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 116KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 2KB - Virtual size: 2KB