558751dce5b2824cd0916d8cfaf9c8f1

Sharing

Copy URL Twitter E-mail

General

Target

558751dce5b2824cd0916d8cfaf9c8f1
Size

70KB
MD5

558751dce5b2824cd0916d8cfaf9c8f1
SHA1

0d427d60a90b0dbb1341ac51224a485f2913dd73
SHA256

e86997362d04d423898b87b55d785ea0a2e90cc81a5f98a278906a44f772261a
SHA512

ce0f30ca6c2a4256a71f5b293b9ac2dd5f8c88f5c03baa9ab912bd0faf893c24fbf807d969c05214554bc892aef17c3c514de2f1303f9910d322102f8adc6b15
SSDEEP

1536:+IYSSG/GKHr3o1TyWAAzZrmhvRASolg70:+y/GKHr4bRu5ASoO70

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
558751dce5b2824cd0916d8cfaf9c8f1

Files

558751dce5b2824cd0916d8cfaf9c8f1
.dll windows:4 windows x86 arch:x86

254450df1e63482b1fc804a2d06e7f83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
InterlockedIncrement
MultiByteToWideChar
GetVersionExA
LocalSize
GetCurrentProcess
GetProcAddress
LoadLibraryA
InterlockedDecrement
lstrcpynA
Sleep
DeleteFileA
CreateProcessA
ReleaseMutex
CreateMutexA
FindClose
FindFirstFileA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LocalAlloc
LocalReAlloc
LocalFree
WriteFile
lstrcpyA
CreateFileA
GetFileSize
ReadFile
GetLastError
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
HeapSize
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FlushFileBuffers
LCMapStringW
LCMapStringA
FreeEnvironmentStringsA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
WideCharToMultiByte
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

wsprintfA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntry

iphlpapi

GetAdaptersInfo
GetIfEntry

shlwapi

StrTrimA

Exports

Exports

ClearTest
Log1
Log2
OpenFeedback
Test

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

254450df1e63482b1fc804a2d06e7f83

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 18KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 18KB

.reloc
Size: 7KB - Virtual size: 7KB