76297600980508a71461a42336f1bd3d

Sharing

Copy URL Twitter E-mail

General

Target

76297600980508a71461a42336f1bd3d
Size

132KB
MD5

76297600980508a71461a42336f1bd3d
SHA1

ee8ef89a6371a664c187f677a5af8502cf31711b
SHA256

2444f50a3d0ebb57f9acdae9e806d43ff987e72043948b09b366668e228dd914
SHA512

0aeaba6e056c03ebb5a420c4f118462859ae867dc98541def0fea7a39625cf9fe076844cafc3fa74e2226ae173982c58cdf4eaeea5e25b70525878d61a53af1a
SSDEEP

1536:AQm3QTRuSAxZp3ajvhIxCnBlKAMni26WWV+UkRQa2siDlwh2DKpTFMWL3Vlr8RWY:AQmvZNajvhbZRg2sJoKpTSq3VlZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76297600980508a71461a42336f1bd3d

Files

76297600980508a71461a42336f1bd3d
.dll windows:4 windows x86 arch:x86

9c2a04c7bd681eec3c5c43c6c964d9f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
OpenProcess
FreeLibrary
LoadLibraryW
CreateMutexW
GetModuleFileNameA
WinExec
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
ExitProcess
DeleteFileA
CreateProcessW
GetSystemDirectoryW
GetCurrentThreadId
WriteFile
PeekNamedPipe
GetStartupInfoW
CreatePipe
GetTempPathW
GetWindowsDirectoryW
SetEvent
GlobalMemoryStatus
GetCurrentProcess
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeThread
VirtualFree
MultiByteToWideChar
lstrlenA
GetComputerNameW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetDriveTypeW
FlushFileBuffers
SetStdHandle
WaitForSingleObject
IsBadReadPtr
GetCPInfo
GetOEMCP
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
GetDiskFreeSpaceExW
InterlockedExchange
CreateDirectoryW
MoveFileA
CreateProcessA
ReadFile
CreateFileW
GetFileSize
CloseHandle
GetVolumeInformationW
CreateThread
lstrcpyW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
SetLastError
TlsAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
ReadProcessMemory
VirtualFreeEx
WideCharToMultiByte
GetLastError
Sleep
GetModuleHandleW
CreateEventW
lstrlenW
lstrcatW
FindFirstFileW
FindNextFileW
IsBadCodePtr
FindClose
GetLocaleInfoA
GetACP

user32

TranslateMessage
GetMessageW
IsWindow
SendMessageW
GetDesktopWindow
CreateWindowExW
RegisterClassW
DispatchMessageW
LoadIconW
GetAsyncKeyState
GetKeyState
mouse_event
SetCursorPos
keybd_event
KillTimer
SetTimer
LoadCursorW
DefWindowProcW
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
wsprintfW
FindWindowW
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetCursor
IsRectEmpty
GetDC
ReleaseDC
GetWindowTextA
EnumChildWindows
GetWindowLongW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize

shell32

SHFileOperationW
ShellExecuteA

oleaut32

VariantInit
VariantClear
SysFreeString

ws2_32

ntohl
inet_addr
send
ntohs
select
getpeername
recv
closesocket
htonl
htons
connect
socket
inet_ntoa
gethostbyname

avicap32

capCreateCaptureWindowW
capGetDriverDescriptionW

gdi32

GetStockObject
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject

psapi

EnumProcessModules
GetModuleFileNameExW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

Exports

Exports

DownCtrlAltDel
GetDllModuleControl
StartServer
WaitServer

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DKShell
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2a04c7bd681eec3c5c43c6c964d9f0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

ws2_32

avicap32

gdi32

psapi

wininet

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.DKShell Size: 4KB - Virtual size: 520B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.DKShell
Size: 4KB - Virtual size: 520B

.reloc
Size: 12KB - Virtual size: 8KB