57e4ca19c89e5ae16fa7a21ea4a3a75f

Sharing

Copy URL Twitter E-mail

General

Target

57e4ca19c89e5ae16fa7a21ea4a3a75f
Size

31KB
MD5

57e4ca19c89e5ae16fa7a21ea4a3a75f
SHA1

353f0c357955fd2d7dc6a375d75a3cc189d40ac4
SHA256

7eb616c4b27f4d46c71d498de9369ded27129acae7a17eb79374980a2ca0882e
SHA512

2c8f0329d11ca2bf5cde725a91b1d7bff55191c12e1bf824ca81444b1cb348f6c9a7376c5beb91e6dacb05a71e0faa0219dbfbbe6759421e4e7482f8cc3d52c5
SSDEEP

768:HH+ByoDiv0NwPgQTs6vxH8Y9f4ZKuGTolabb:nTTPgcvB8YxMKu7abb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57e4ca19c89e5ae16fa7a21ea4a3a75f

Files

57e4ca19c89e5ae16fa7a21ea4a3a75f
.dll windows:4 windows x86 arch:x86

c8d174854dd729152748bc79c08a28e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strncpy
wcstombs
strcat
_snprintf
strchr
memcpy
srand
rand
_access
sprintf
strstr
_except_handler3
malloc
free
_stricmp
strrchr
memset
strlen
strncmp
memmove
strncat
strtok
_adjust_fdiv
_initterm
_onexit
__dllonexit

kernel32

FreeConsole
Sleep
GetSystemDirectoryA
CreateFileA
GetFileTime
CloseHandle
SetFileTime
lstrcmpiA
lstrlenA
GetModuleFileNameA
DeleteFileA
GetFileAttributesA
CopyFileA
GetTickCount
MoveFileExA
CreateMutexA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GlobalMemoryStatusEx
OpenProcess
GetComputerNameA
CreateThread
WaitForSingleObject
TerminateThread
GetCurrentProcess
WinExec
CreateProcessA
ExitProcess
ExitThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocaleInfoA

user32

wsprintfA
GetSystemMetrics
FindWindowA
GetWindowThreadProcessId
ExitWindowsEx

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
StartServiceA
DeleteService
RegQueryValueExA
CreateServiceA
RegOpenKeyA
OpenProcessToken
GetTokenInformation
LookupAccountSidW
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

ws2_32

inet_addr
gethostbyname
closesocket
htons
socket
connect
send
sendto
WSAStartup
WSASocketA
WSACleanup
setsockopt
htonl
ioctlsocket
select
recv
shutdown

Exports

Exports

InstallSS
ServiceMain
ShellMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8d174854dd729152748bc79c08a28e7

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

pdh

wininet

ws2_32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB