8145fe7059ab8f161790faec1021f5896ae3949e8a0ab723ffd86138410141a3

Sharing

Copy URL Twitter E-mail

General

Target

8145fe7059ab8f161790faec1021f5896ae3949e8a0ab723ffd86138410141a3
Size

199KB
MD5

837f890a0a1542b43102fe1acf5c31da
SHA1

b7c565f93f4cca3d64c0477b0c04290599ac1d33
SHA256

8145fe7059ab8f161790faec1021f5896ae3949e8a0ab723ffd86138410141a3
SHA512

01b429ea6fbadf751f6c93be467d29ada15ed2aecb9dd05ab48453cf2f4416bd009a61946ffdb2f0e4cb1daf90baf410f0f4f48c6a449bffc00cc19b67f6d75d
SSDEEP

3072:luL30Czvt558uKqDhtiBV1JCWZzKhjyypzxsI+3ZCZKk7CaLmrwcbJ+Iz5c7r:lW3VkdKhWyNQCZt7CaLOjy7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8145fe7059ab8f161790faec1021f5896ae3949e8a0ab723ffd86138410141a3

Files

8145fe7059ab8f161790faec1021f5896ae3949e8a0ab723ffd86138410141a3
.dll windows:6 windows x86 arch:x86

76fb577a7505625c0ea90629b2efb0f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetTcpTable

kernel32

WaitForSingleObject
Sleep
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
TerminateProcess
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetThreadPriority
CreateThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetModuleFileNameA
SetEndOfFile
OutputDebugStringW
CreateFileW
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
WriteConsoleW
SetStdHandle
ReadConsoleW
LoadLibraryExW
HeapReAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
DecodePointer
GetStringTypeW
ExitThread
ResumeThread
HeapFree
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
FindClose
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableA

ws2_32

WSAStartup
WSAGetLastError
shutdown
socket
closesocket
send
accept
connect
inet_ntoa
recvfrom
inet_addr
htons
setsockopt
sendto
recv
bind
listen

Exports

Exports

?C15@@YAHPAXHH@Z
?S15@@YAHPAXHH@Z
A01
A02
A03
C01
C0101
C0105
C02
C03
C04
C0401
C04WithPID
C04WithPIDWithLog
C04WithPID_V2
C05
C06
C07
C07100
C08
C09
C15
S01
S0105
S02
S03
S04
S15

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76fb577a7505625c0ea90629b2efb0f8

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 138KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB