67a1140d634c75d4ec7bda97b3a11eb9

Sharing

Copy URL

Twitter E-mail

General

Target

67a1140d634c75d4ec7bda97b3a11eb9
Size

22KB
MD5

67a1140d634c75d4ec7bda97b3a11eb9
SHA1

45146ce92f746c46db44c0318003aee846e63658
SHA256

75fbd95f442be0be98fe262d963fd48497a7f2044afa76b5416c560c6d5a13ba
SHA512

12dedf261931f8aa278d693bb2608a7bafd24528ad0b1025e3ebeac0de0ef82f33f927c29f455c85b5c9c747c1bb61b5019f858e60048cb1ee343df2d072a111
SSDEEP

384:5F2dquKyJxKu6PW/DijWZP0QL+VleDFaMdu:K4fu6uOjqP0OIlII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67a1140d634c75d4ec7bda97b3a11eb9

Files

67a1140d634c75d4ec7bda97b3a11eb9
.dll windows:4 windows x86 arch:x86

225b20c54f1a8600a73f0b24ab1d1b19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
fseek
fread
memcpy
strchr
fopen
fclose
rand
time
strrchr
malloc
wcscmp
_beginthreadex
_getpid
_strlwr
_stricmp
__CxxFrameHandler
abs
strncpy
strncmp
strcmp
atoi
sprintf
strcat
strstr
strcpy
memset
strlen
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetFileAttributesA
CopyFileA
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
WaitForSingleObject
GetFileSize
GetModuleHandleA
VirtualProtect
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
CloseHandle
LoadLibraryA
GetPrivateProfileStringA
GetCurrentDirectoryA
CreateThread
IsBadReadPtr
MultiByteToWideChar
GetSystemDirectoryA
Sleep
GetProcAddress

user32

RegisterShellHookWindow
GetDC
CallWindowProcA
GetClassNameA
GetWindowTextA
EnumWindows
ReleaseDC
GetWindowRect
GetDesktopWindow
DeregisterShellHookWindow
SetWindowLongA
GetClientRect
RegisterWindowMessageA
GetParent
GetWindowThreadProcessId

ws2_32

send
recv
socket
inet_addr
htons
connect
closesocket
gethostbyname
WSAStartup
inet_ntoa
WSACleanup

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile

Exports

Exports

KsCreateAllocator
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.muma
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

225b20c54f1a8600a73f0b24ab1d1b19

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

wininet

gdi32

gdiplus

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 642KB

.muma Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 642KB

.muma
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB