58e7019ee6d9671d867eb8e5e198bdcb

Sharing

Copy URL Twitter E-mail

General

Target

58e7019ee6d9671d867eb8e5e198bdcb
Size

176KB
MD5

58e7019ee6d9671d867eb8e5e198bdcb
SHA1

511167e318508fd4de816e531d637be7b651bef6
SHA256

3ad2bc41a9f123d4ad65147e5becfb2d398a40a77366fcd12e09ffb290428261
SHA512

1236b3e66fc05b9107c668005976338301dd43cca28f2cccca8c52b318eab543cb8d0682a8383dcb5270ab790a7414cee842b6293dde2f910b3fa0e817569198
SSDEEP

3072:jaJiZNYgJei78GpS5gWVfXo8FJUJfTYQrLX9DuM0fqQ5+Krbc:jSWDuPp7UxX9D70fqPs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58e7019ee6d9671d867eb8e5e198bdcb

Files

58e7019ee6d9671d867eb8e5e198bdcb
.dll windows:5 windows x86 arch:x86

2212d0f00a38f5a2c5d017a4b100a0da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
WaitForMultipleObjects
GetStartupInfoA
LocalSize
OpenProcess
TerminateProcess
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetVersionExA
GetCurrentProcess
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
CreateFileA
OpenEventA
SetErrorMode
CreateThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
WriteFile
ExitProcess
HeapReAlloc
CreateProcessA
lstrcatA
MoveFileA
ReadFile
SetFilePointer
GetFileSize
DeleteFileA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
ResetEvent
GetLastError
CloseHandle
CancelIo
InterlockedExchange
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
VirtualAlloc
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
HeapDestroy
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
WideCharToMultiByte
GetCommandLineA

user32

wsprintfA
GetWindowTextA
MessageBoxA
LoadCursorA
keybd_event
CharNextA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
MapVirtualKeyA
GetWindowThreadProcessId
LoadIconA
RegisterClassA
LoadMenuA
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
ExitWindowsEx
GetCursorPos
SetRect
GetDC
ReleaseDC
GetCursorInfo
DestroyCursor
SendMessageA
BlockInput
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData

gdi32

DeleteDC
CreateDCA
GetStockObject

advapi32

RegDeleteKeyA
RegRestoreKeyA
RegOpenKeyExA
RegSaveKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
SetServiceStatus
RegOpenKeyA
RegQueryValueExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
OpenEventLogA
ClearEventLogA
CloseEventLog
RegisterServiceCtrlHandlerA

shell32

SHGetSpecialFolderPathA

ws2_32

WSAStartup
closesocket
setsockopt
send
WSACleanup
recv
select
WSAIoctl
htons
gethostbyname
socket
getsockname

Exports

Exports

EndWork
Runing
ServiceMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2212d0f00a38f5a2c5d017a4b100a0da

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB