66b02d828d536ce4ed2d6eae4da0a27a

Sharing

Copy URL

Twitter E-mail

General

Target

66b02d828d536ce4ed2d6eae4da0a27a
Size

57KB
MD5

66b02d828d536ce4ed2d6eae4da0a27a
SHA1

44d48ef3998317c3bbb8d8f73f8682d3597fa338
SHA256

fcf138aa9377869f1f91b55107559e6f7dfc55e96514a414d018489d7ffac7ce
SHA512

ced88f22da162d1d32126ea5f16922d84c71c32984542ce59e46d37d48b9a67847a995648432ab1c715034f616dd639f9f1fb5aed87cb27c873f0f8297da343b
SSDEEP

768:OfbkuHh143hrQVr4j0MyQovVRuCq/72LuuWC29zh2ULGV:ebkuHh143hk14Y3nqqyuWC2Rh2Uq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66b02d828d536ce4ed2d6eae4da0a27a

Files

66b02d828d536ce4ed2d6eae4da0a27a
.dll windows:4 windows x86 arch:x86

4ea7fb5164665f4db9d8b54362b77bdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleBaseNameW

shell32

ShellExecuteW
SHCreateDirectoryExW

kernel32

GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess
SetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
WritePrivateProfileStringW
GetCurrentThread
GetCurrentProcess
GetPrivateProfileIntW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
TerminateProcess
SetErrorMode
IsDebuggerPresent
lstrlenW
GetPrivateProfileStringW
UnhandledExceptionFilter
GetLastError
VirtualQueryEx
GetThreadSelectorEntry
ReadProcessMemory
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Nomemory@std@@YAXXZ

msvcr71

localtime
__CxxFrameHandler
_CxxThrowException
wcslen
wcsncpy
swprintf
time
fclose
fwrite
strlen
sprintf
_wfopen
memset
??3@YAXPAX@Z
wcsftime
__dllonexit
memcmp
_except_handler3
memcpy
malloc
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
free
_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_onexit

Exports

Exports

_XL_EnableModuleLoadLog@4
_XL_EnableReportAutoRestartApp@8
_XL_EnableThreadLog@4
_XL_InitBugHandler@20
_XL_IsEnableModuleLoadLog@0
_XL_IsEnableThreadLog@0
_XL_SetAlwaysSendReport@4
_XL_SetBugReportRootDir@4
_XL_SetPeerID@4
_XL_SetReportShowMode@4

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ea7fb5164665f4db9d8b54362b77bdf

Headers

File Characteristics

Imports

psapi

shell32

kernel32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 256KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 256KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB