7a8900483039e7b8bf93268193e93431

Sharing

Copy URL Twitter E-mail

General

Target

7a8900483039e7b8bf93268193e93431
Size

27KB
MD5

7a8900483039e7b8bf93268193e93431
SHA1

ccb21c09cedd2c8ca50738b9ffd208cd8a3c456d
SHA256

4ff3f3538e03bf1d02218a29d8329d138e406ffaac9632377df878b7a5da86de
SHA512

cc55b334c6c30afc340aef750ba8dc1014ff89e9b7cd1e7b6cdb69ce4de8c769056dd0f1a725886e39d5bb0d0ef3b8651662d0271983fd015b9c9bc24fa8ff36
SSDEEP

768:nywMMK8RABkbRGG1Leoz2A4VFNMZp85AKJg5ojmBvg:yAlRtRGoLeog6Z4g5ojmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a8900483039e7b8bf93268193e93431

Files

7a8900483039e7b8bf93268193e93431
.dll windows:4 windows x86 arch:x86

98e3622d6e6fce6843b333fb6bb57153

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
GetSystemDirectoryW
GetDriveTypeW
GetComputerNameW
GetLogicalDrives
WaitForSingleObject
CreateProcessW
LocalFree
lstrcpynW
LocalAlloc
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
SetCurrentDirectoryW
GetTempPathA
GetModuleFileNameW
GetFileSize
GetFileTime
CreateFileW
lstrcpyW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
GetProcAddress
LoadLibraryW
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
lstrcatW
lstrcmpiW
CreateThread
TerminateThread
DeleteFileA
GetSystemDirectoryA
Sleep
GetCurrentThreadId
CloseHandle

user32

CloseWindowStation
CloseDesktop
GetSystemMetrics
GetDC
SetThreadDesktop
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
GetKeyboardState
GetKeyState
GetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
GetProcessWindowStation
GetThreadDesktop

gdi32

CreateCompatibleBitmap
GetDIBits
BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC

shell32

ShellExecuteW

msvcrt

wcstombs
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_errno
_wtoi
_local_unwind2
_except_handler3
wcsncpy
_wcsicmp
swprintf
_wcsnicmp
wcscpy
wcsncat
wcslen
wcscmp
__CxxFrameHandler
fclose
fwrite
fseek
_wfopen
free
malloc
fprintf
fopen
printf
_CxxThrowException
??2@YAPAXI@Z
putc
getc
rewind
ftell
fread
wcscat

ws2_32

closesocket
connect
gethostbyname
bind
htons
WSASocketW
send
recv
__WSAFDIsSet
select
inet_addr
accept
socket
listen
setsockopt
WSACleanup
WSAStartup

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98e3622d6e6fce6843b333fb6bb57153

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcrt

ws2_32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 2KB - Virtual size: 1KB