65785799c3d48203c356c82858294ffd

Sharing

Copy URL Twitter E-mail

General

Target

65785799c3d48203c356c82858294ffd
Size

24KB
MD5

65785799c3d48203c356c82858294ffd
SHA1

5adfe9b6b91d4518bd0ecba3715b65d6d15a3e6e
SHA256

74b37394ff280fe1fcbbd9def5eb9a7ebf69fa7c80e1ebe618308e153afbd439
SHA512

82e6e8250fa029f39a206a11899c3b0960bc7389b761bacbb3f1cc1e7a6a0c900c35b017686a8c78b41ae4cd352346f9af8aca4f582d725e5b7f1a62d24357b2
SSDEEP

192:pugMxFP14Kk641pyl7+cmmz63n83Kh41DohloW6Sd:sgMNb+yd+cD638rDohuc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65785799c3d48203c356c82858294ffd

Files

65785799c3d48203c356c82858294ffd
.dll windows:4 windows x86 arch:x86

da3ccd776961b87872e50b3134a0a367

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
LoadLibraryA
CreateThread
CreateMutexA
VirtualProtect
Process32Next
ReadProcessMemory
GetProcAddress
CreateEventA
GetSystemDirectoryA
SetEvent
WaitForSingleObject
MultiByteToWideChar
ExitProcess
WideCharToMultiByte
GetCurrentDirectoryA
OpenProcess
TerminateProcess
CloseHandle
WriteProcessMemory
Sleep

user32

SetTimer
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA
KillTimer
PostThreadMessageA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

msvcrt

fclose
_adjust_fdiv
fread
_strlwr
memcpy
strncmp
_itoa
exit
fopen
free
_initterm
malloc
strcat
strcpy
strlen
memset
strcmp
??2@YAPAXI@Z
__CxxFrameHandler
_EH_prolog
rename
memcmp

ws2_32

WSAGetLastError
recv
__WSAFDIsSet
select
connect
socket
gethostbyname
inet_addr
htons
WSAStartup
send
closesocket

Exports

Exports

JumpHookOff
JumpHookOn
SetHook
UnHook

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da3ccd776961b87872e50b3134a0a367

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcp60

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 832B

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 832B