4440c8b2fdfbdc502cf2af384ef56a382118947419cf9bd93e42e7846c37f288

Sharing

Copy URL Twitter E-mail

General

Target

4440c8b2fdfbdc502cf2af384ef56a382118947419cf9bd93e42e7846c37f288
Size

148KB
MD5

91798c96695a342d47931b084f7c82fd
SHA1

95bf7d15ff6f774c2b1002664de0f9eddf8294bc
SHA256

4440c8b2fdfbdc502cf2af384ef56a382118947419cf9bd93e42e7846c37f288
SHA512

75df89181ef7868c05a701ad43c4bdff2d46ce50e6235a7f7521db1476060eef1b0813ca8c059eb5017fa3c0c3f08b43d05eb9093b088bbbeeef8ed19db8d571
SSDEEP

1536:cVn355UmKjdPXWGSPhMCw55up+PxjSbIt2IHS2H+j4fM1NkhRV6p:EbURJXpm9WL7Sy+c01ihRV6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4440c8b2fdfbdc502cf2af384ef56a382118947419cf9bd93e42e7846c37f288

Files

4440c8b2fdfbdc502cf2af384ef56a382118947419cf9bd93e42e7846c37f288
.dll windows:6 windows x86 arch:x86

6285c06580b9f919aa3543802718b58e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetProcAddress
MultiByteToWideChar
CreateFileW
CloseHandle
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
WideCharToMultiByte
GetStringTypeW
GetLastError
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
ExitProcess
HeapSize
WriteFile
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
InitOnceExecuteOnce
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringEx
LCMapStringEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA

wsock32

htonl

Exports

Exports

CreatePacketParser
FreePacketParser
PPVersion
PacketParser
RegFrameCallBack

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6285c06580b9f919aa3543802718b58e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB