79316135772bebcae9f5f783d3dad389

Sharing

Copy URL

Twitter E-mail

General

Target

79316135772bebcae9f5f783d3dad389
Size

59KB
MD5

79316135772bebcae9f5f783d3dad389
SHA1

cabcba50de3287f19e113ca86334e5ae1596f0c7
SHA256

692ebdf827b07301d0a2c2271ca14264d0a3abb8a36fb367508e45185165e78e
SHA512

3cbd5f123f95e6e6bc5c5e2426e7df7bca2c68c63c9989b91655f94d1103fbcd7a49e5d56869537d5996511d657e596d271a511c6333bf44526e0c7c199f0ff6
SSDEEP

768:VoetKTxv2paOxslcU0GcnyiguH/HQ+r/VB/qYmdOjXGR/1E+lVzq7I:iM+o0eslcBGc9HLxlqzYwRlVO7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79316135772bebcae9f5f783d3dad389

Files

79316135772bebcae9f5f783d3dad389
.dll windows:4 windows x86 arch:x86

f39c4f1f909e39745292ac91d1375b7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2077
ord2029
ord535
ord523
ord1247
ord791
ord6394
ord5450
ord6383
ord5440
ord2763
ord4129
ord926
ord5710
ord922
ord2764
ord4278
ord537
ord941
ord939
ord3811
ord2820
ord858
ord540
ord825
ord800
ord3663
ord823
ord860
ord2818

msvcrt

_strnicmp
exit
_mbscmp
??1exception@@UAE@XZ
free
_except_handler3
wcscmp
_strupr
strstr
sscanf
malloc
strncmp
strchr
atoi
printf
sprintf
__CxxFrameHandler
_vsnprintf
fopen
fclose
_strtime
_strdate
fprintf
_iob
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strtok
_strcmpi

kernel32

DuplicateHandle
GetVersionExA
CreateThread
WaitForMultipleObjects
DisconnectNamedPipe
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetEnvironmentVariableW
FreeLibrary
OpenProcess
GetShortPathNameA
CreatePipe
ReadFile
PeekNamedPipe
WriteFile
CreateFileA
lstrlenA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GlobalMemoryStatus
GetComputerNameA
GetSystemInfo
HeapFree
HeapAlloc
GetProcessHeap
Process32Next
ExitThread
GetTickCount
CreateMutexA
GetPrivateProfileIntA
GetPrivateProfileStringA
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateToolhelp32Snapshot
GetWindowsDirectoryA
Sleep
DeleteFileA
GetSystemDirectoryA
SetCurrentDirectoryA
GetLastError
TerminateThread
CreateProcessA
TerminateProcess
LocalFree
LocalAlloc
CloseHandle
Process32First

user32

DispatchMessageA
PeekMessageA
TranslateMessage
ExitWindowsEx
wsprintfA

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegDeleteKeyA
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
StartServiceA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

ws2_32

connect
WSAGetLastError
socket
htonl
listen
__WSAFDIsSet
accept
gethostname
gethostbyname
inet_ntoa
htons
bind
setsockopt
inet_addr
WSASetLastError
recv
WSAStartup
closesocket
WSACleanup
send
select

psapi

GetModuleFileNameExA
EnumProcesses
GetModuleBaseNameA
EnumProcessModules

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetReadFile

winmm

timeGetTime

msvcirt

??0fstream@@QAE@XZ
??1ios@@UAE@XZ
??1fstream@@UAE@XZ
?close@fstream@@QAEXXZ
??_Dfstream@@QAEXXZ

netapi32

NetUserEnum
NetApiBufferFree

msvcp60

??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ

Exports

Exports

_DllMain@12

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f39c4f1f909e39745292ac91d1375b7f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

urlmon

ws2_32

psapi

wininet

winmm

msvcirt

netapi32

msvcp60

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 3KB - Virtual size: 3KB