749397e47eb590df313598d24c355eca

Sharing

Copy URL Twitter E-mail

General

Target

749397e47eb590df313598d24c355eca
Size

204KB
MD5

749397e47eb590df313598d24c355eca
SHA1

aa1174608f8cc9eb5f7386d65dbc35a7c75acf31
SHA256

9db7c3f34221fa98de2a89582a6f5ac615ecbcb3da41260582a6663db2129421
SHA512

32d776d2939f520ac2f48df8e53b931ff47dd32847f23e8e69a00cb610e6509d30c14207c2b0ee60e7d8c4a5c28b3e84d4f919ed64d5d5518eee87705d84036c
SSDEEP

6144:J2Llc6QDwcET3d7B9+ksG/Piv/TBhAAOrKcFV:JY3QDWTt77+kl/Piv/TfAJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
749397e47eb590df313598d24c355eca

Files

749397e47eb590df313598d24c355eca
.dll windows:5 windows x86 arch:x86

9b1a4aeade69d0813ac4c01d804cd315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
FindFirstFileA
GetLastError
FindClose
FindNextFileA
CloseHandle
DeleteFileA
ExitProcess
WriteFile
Sleep
CreateEventA
SetCurrentDirectoryA
GetFullPathNameW
FindFirstFileW
MoveFileExA
SetFilePointer
GetFileSize
CreateFileA
GetSystemDirectoryA
GetVolumeInformationA
VirtualAlloc
FreeLibrary
VirtualFree
HeapSize
WriteConsoleW
GetFileType
CreateFileW
HeapFree
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
GetProcAddress
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
HeapCreate
HeapDestroy
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FlushFileBuffers
RtlUnwind
GetStringTypeW
LoadLibraryW
RaiseException

advapi32

RegCreateKeyA
SetServiceStatus
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA
ord165

Exports

Exports

ServiceMain
StartUsbChecker

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b1a4aeade69d0813ac4c01d804cd315

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB