5077fb684bd50762eefef5110cd9573a

Sharing

Copy URL Twitter E-mail

General

Target

5077fb684bd50762eefef5110cd9573a
Size

62KB
MD5

5077fb684bd50762eefef5110cd9573a
SHA1

97e02080f65c9dab9d8b8884bb77ef42f374b207
SHA256

ebd79da1b7beff5a61bc7956cadc8156442e6f53cc86ac5beb77d8bbbec34e83
SHA512

e2095b2d9d48ab7d3a85a0dd56034a115c98eafe721720134a6b7506f7bf402254dc417329b80bda6911e6e67e450b41033f0ff92b88a74c8cf7fa08ead7474b
SSDEEP

1536:nkacwvYN4eSJoSMxGvsjjISfLRbBXmo2T:yEJGGvKj3bBWo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5077fb684bd50762eefef5110cd9573a

Files

5077fb684bd50762eefef5110cd9573a
.dll windows:4 windows x86 arch:x86

959bc88f35feb5567ae50c732c1a9e38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
WaitForSingleObject
GetFileAttributesA
OpenFileMappingA
ExitProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTickCount
GetTempPathA
ResetEvent
SetEvent
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
VirtualFreeEx
CreateRemoteThread
GetProcAddress
GlobalUnlock
VirtualAllocEx
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
ReadFile
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
CreateThread
GetSystemDirectoryA
GetComputerNameA
CreateFileA
GetLastError
Sleep
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
CloseHandle
GetModuleFileNameA
WriteProcessMemory
WideCharToMultiByte

ws2_32

connect
socket
inet_addr
gethostbyname
htons
send
recv
inet_ntoa
WSAIoctl
WSASocketA
gethostname
WSAStartup
WSAGetLastError
WSACleanup
closesocket

user32

ToAscii
GetKeyboardState
GetKeyNameTextA
GetKeyState
GetWindowTextA
GetParent
GetClassNameA
CloseClipboard
GetClipboardData
GetWindowLongA
SendMessageA
DefWindowProcA
RegisterClassA
SetWindowLongA
CallWindowProcA
GetDesktopWindow
GetSystemMetrics
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
SetClipboardViewer
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
PostMessageA
DestroyWindow
LoadIconA
EnumChildWindows
CallNextHookEx
MapVirtualKeyA
FindWindowA
LoadCursorA
OpenClipboard

advapi32

SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserA
FreeSid
InitializeAcl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

msvcrt

fwrite
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
wcstombs
fseek
ftell
malloc
realloc
free
atoi
isalpha
_CxxThrowException
_mbsstr
strftime
_mbsicmp
localtime
difftime
_ftol
srand
rand
time
strstr
_mbsnbcmp
sprintf
_mbscmp
strcat
_mbsrev
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler
fopen
fread
fclose

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959bc88f35feb5567ae50c732c1a9e38

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB