5b330e29e9ec846db546d1a803cd4e68

Sharing

Copy URL Twitter E-mail

General

Target

5b330e29e9ec846db546d1a803cd4e68
Size

108KB
MD5

5b330e29e9ec846db546d1a803cd4e68
SHA1

cff4d79de8bc9e6bce5b08cced2b0c882b38df37
SHA256

e868afe84df03b9bed191bd6ed1cf8d6974cd074797c8506038313671777f21a
SHA512

0e3a7acc2bb14ff4ad401b2fa907c817f9eb7aaef4fb82b47d9263865f60adce32699c72a87a3738a3a613d2cd804af32880a11c8c6d2522cd27b2e9197d0320
SSDEEP

3072:a84p/Rem/GAdmnNlDoMJxsJiqVhryq4vk:a7p/TANdsJNVhri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b330e29e9ec846db546d1a803cd4e68

Files

5b330e29e9ec846db546d1a803cd4e68
.dll windows:4 windows x86 arch:x86

d6e2afb7b60beb9881764706807d64fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

WOW32DriverCallback
joyGetPos
mmioInstallIOProcA
timeBeginPeriod
timeKillEvent
waveInGetDevCapsA
waveInReset
waveInStart
waveOutPrepareHeader
waveOutRestart
waveOutUnprepareHeader
PlaySoundW

shell32

ShellExecuteA
SHGetSpecialFolderPathW
SHFileOperationW

user32

TranslateMessage
DestroyWindow
DialogBoxParamA
DispatchMessageA
EmptyClipboard
EnumPropsA
GetForegroundWindow
GetKeyState
GetTopWindow
LoadIconA
MessageBoxW
CharLowerBuffA
CharLowerW
CharToOemA
CreateWindowExA
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
RegisterClassA
RegisterShellHookWindow
UpdateWindow
DefWindowProcA
ShowWindow
SetUserObjectSecurity
SetSystemCursor
SetRect
RemoveMenu

ws2_32

WSAGetLastError
WSAStringToAddressA
WSAUnhookBlockingHook
socket
listen
htons
gethostbyname
connect
closesocket

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

PropVariantClear
StgPropertyLengthAsVariant
IsEqualGUID

advapi32

CancelOverlappedAccess
BuildExplicitAccessWithNameW
SetUserFileEncryptionKey
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
OpenTraceW
LsaSetInformationTrustedDomain
LsaRemoveAccountRights
LsaClearAuditLog
ImpersonateNamedPipeClient
GetTrusteeNameW
GetTraceEnableFlags
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
AddAccessDeniedAce

kernel32

HeapAlloc
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTimeZoneInformation
GetTempPathW
GetSystemInfo
GetModuleHandleA
GetLogicalDriveStringsW
GetFileInformationByHandle
GetFileAttributesExA
GetExitCodeProcess
GetCurrentProcessId
GetConsoleOutputCP
GetConsoleMode
GetConsoleAliasA
GetCommandLineA
GetBinaryTypeA
FormatMessageA
FlushConsoleInputBuffer
FindNextVolumeW
FindAtomA
ExitProcess
EraseTape
EnumTimeFormatsA
lstrcmpA
WaitForMultipleObjectsEx
TlsGetValue
SetEnvironmentVariableA
RemoveDirectoryW
ReadFile
OpenJobObjectW
MulDiv
DuplicateHandle
DeleteCriticalSection
CreateSemaphoreA
CreateFileA
LocalShrink
LocalLock
HeapFree
HeapCreate
CloseHandle
BindIoCompletionCallback
BeginUpdateResourceA
Beep

dinput

DirectInputCreateW

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6e2afb7b60beb9881764706807d64fb

Headers

File Characteristics

Imports

winmm

shell32

user32

ws2_32

version

ole32

advapi32

kernel32

dinput

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB