53af2f0cf61876f0fc047f1a1b91f81c

Sharing

Copy URL

Twitter E-mail

General

Target

53af2f0cf61876f0fc047f1a1b91f81c
Size

92KB
MD5

53af2f0cf61876f0fc047f1a1b91f81c
SHA1

84629076a9f6931908f3d71a465145736ef58644
SHA256

a2d6989b51c067122484a897fbae2cfffa34750180f76d79bc069f2ff6b71c54
SHA512

5020b624a9224e126d9052ab9b79e3e9c9cb4c3293df20d0b4d282d8ac51198c5f1b0a165f8e75f5a7d361ae3015016e692dc4fe7feed47a46c11d75e728b8b6
SSDEEP

768:AXlmaMvhxrdneStK7vaYXJeMX0D9+2vPZggtWE2HlZdXRO8OxENUhXUUJXlLorAf:N/tV+P3J2vRruvulkjCphXMtFDr2C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53af2f0cf61876f0fc047f1a1b91f81c

Files

53af2f0cf61876f0fc047f1a1b91f81c
.dll windows:4 windows x86 arch:x86

dd868e8187d24a603a75035217ef0536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
HeapFree
GetProcessHeap
SetEvent
HeapAlloc
CreateEventA
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFileAttributesA
DeviceIoControl
lstrcpyA
CreateFileA
GlobalFree
GlobalAlloc
ExitProcess
GetCurrentProcessId
MoveFileA
GetTempFileNameA
GetTempPathA
GetComputerNameA
lstrlenA
WideCharToMultiByte
OpenThread
GetExitCodeThread
GetCurrentThread
VirtualAllocEx
TerminateThread
Thread32First
CreateToolhelp32Snapshot
TerminateProcess
WriteFile
ReadFile
CreatePipe
GlobalMemoryStatus
GetSystemDefaultLangID
lstrcmpiA
RtlUnwind
LCMapStringW
LCMapStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
GetSystemTime
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
FreeLibrary
LoadLibraryA
MultiByteToWideChar
CreateMutexA
GetWindowsDirectoryA
lstrcatA
GetSystemDirectoryA
CreateThread
GetModuleFileNameA
ExitThread
CreateProcessA
OpenProcess
WaitForSingleObject
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WinExec
GetProcAddress
RemoveDirectoryW
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
CreateDirectoryW
DeleteFileW
MoveFileW
GetLogicalDriveStringsA
GetDriveTypeA
GetTickCount
Sleep
SetFileAttributesW
GetVersionExA
GetCurrentThreadId
GetCurrentProcess
GetLastError
GetModuleHandleA
Thread32Next

user32

CloseDesktop
CloseWindowStation
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
ExitWindowsEx
wsprintfA
mouse_event
SetCursorPos
keybd_event
GetDC
GetSystemMetrics
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
GetProcessWindowStation

advapi32

DeleteService
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegCloseKey
GetTokenInformation
LookupAccountSidA
QueryServiceConfigA
EnumServicesStatusA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegCreateKeyExA
LogonUserA
CreateProcessAsUserA
RegQueryValueExA
ChangeServiceConfigA
ChangeServiceConfig2A
ControlService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegDeleteKeyA
RegOpenKeyExA
AdjustTokenPrivileges

msvcrt

_wopen
sprintf
_findclose
strftime
localtime
_i64toa
_wfindnexti64
_wfindfirsti64
swprintf
wcscmp
wcslen
_atoi64
_wfindnext
wcscat
wcscpy
_wfindfirst
_write
atoi
strstr
strncpy
strncmp
free
malloc
sscanf
??2@YAPAXI@Z
__CxxFrameHandler
rand
srand
_vsnprintf
atol
_stricmp
realloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
_filelengthi64
_lseeki64
_eof
_read
_close
??3@YAXPAX@Z
_ftol

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetDeviceCaps
CreateDCA
GetDIBits
GetObjectA
BitBlt
DeleteObject

ws2_32

recvfrom
htonl
bind
setsockopt
shutdown
__WSAFDIsSet
sendto
inet_addr
gethostbyname
WSAStartup
socket
ioctlsocket
htons
connect
select
send
recv
closesocket

psapi

GetModuleFileNameExA
GetProcessMemoryInfo
GetMappedFileNameA

Exports

Exports

InitSQLConnect
SQLAlloc
SQLClose
SQLExecute
SQLFree
SQLQuery
Uninstall

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd868e8187d24a603a75035217ef0536

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

gdi32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 8KB - Virtual size: 4KB