574453b76abf5ba91a2bc8271aecb269

General

Target

574453b76abf5ba91a2bc8271aecb269
Size

24KB
MD5

574453b76abf5ba91a2bc8271aecb269
SHA1

e606f744b4f588ea8a443762b1daf0c4fd6f4cec
SHA256

453a95574b1998137a29c09fd260e9f3c8ab512359e40748dc8e132fd188d44f
SHA512

262dadbd6a38d58e4af6e2232bc1a67cf1f908dee5d61e11b1f9375cd09bdcd6266bb5ba56fd2414c50d303a22d31293a714cc493f22cc191b0b03c036525132
SSDEEP

384:jGIOp1ItmSRs4ZZrPydWWDtUoGIO8wuVPr3nl:jGIOqsy0lDtUoGIOeVPrXl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
574453b76abf5ba91a2bc8271aecb269

Files

574453b76abf5ba91a2bc8271aecb269
.dll windows:4 windows x86 arch:x86

32c78b14e01ff883d052fe48f43f15ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
OpenProcess
GetCurrentProcessId
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
LoadLibraryA
WriteProcessMemory
VirtualAllocEx
FindClose
FindNextFileA
lstrcpynA
lstrcpyA
lstrcmpA
FindFirstFileA
VirtualProtectEx
ReleaseMutex
Module32Next
Module32First
ReadFile
GetModuleFileNameA
LocalAlloc
CreateThread
Sleep
IsBadReadPtr
FreeLibrary
GetCurrentProcess
GetProcAddress
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetSystemDirectoryA
lstrlenA
CreateFileA
WriteFile
CloseHandle

user32

EnumWindows
wsprintfA
SendMessageA
SetWindowsHookExA
RegisterWindowMessageA
CallNextHookEx
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA

shlwapi

StrStrIA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcrt

_itoa
memcpy
??2@YAPAXI@Z
_except_handler3
strlen
memset
??3@YAXPAX@Z
memcmp
_purecall
strcmp
strstr

Sections

.bss
Size: - Virtual size: 64.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32c78b14e01ff883d052fe48f43f15ef

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Sections

.bss Size: - Virtual size: 64.1MB

.data Size: 14KB - Virtual size: 13KB

.shared Size: 1024B - Virtual size: 532B

.reloc Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 64.1MB

.data
Size: 14KB - Virtual size: 13KB

.shared
Size: 1024B - Virtual size: 532B

.reloc
Size: 8KB - Virtual size: 7KB