7a81e74fbb756bab10e8345e777bb322

Sharing

Copy URL Twitter E-mail

General

Target

7a81e74fbb756bab10e8345e777bb322
Size

79KB
MD5

7a81e74fbb756bab10e8345e777bb322
SHA1

131cef4b26fe6affea673f8d01b4efebf7f4e349
SHA256

55c149211108876ebebb78152d1dbcdd58772f4af2b35b2d7933c8a382545cfa
SHA512

b117c6d335e975d277ef799cac10a54ad4c3f7f71881ec8c7d06b04310d1af96b5e8bf691fdad4442dbdbf3d3264057b01c24d930f1a64ca2c5928732d180a6d
SSDEEP

1536:5/aDCeKVsm5INCQo2r6F8hiB9cpL+K1dnSGQwP:5x5ar6F8h8aLl1dnSk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a81e74fbb756bab10e8345e777bb322

Files

7a81e74fbb756bab10e8345e777bb322
.dll windows:4 windows x86 arch:x86

9047c16356e93fb89698dee51e1b5e15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileSectionA
GetFileSize
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTempPathA
GetTickCount
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetCurrentThreadId
HeapDestroy
HeapFree
LoadLibraryA
MoveFileA
OpenEventA
ResetEvent
ResumeThread
HeapCreate
SetErrorMode
SetEvent
SetFilePointer
Sleep
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
WritePrivateProfileSectionA
CreateMutexA
GetWindowsDirectoryA
CreateProcessA
GetEnvironmentVariableA
FormatMessageA
GetLocaleInfoA
ReadFile
ReleaseMutex
CreateThread
CreatePipe
DuplicateHandle
GetCurrentProcess
GetExitCodeProcess
PeekNamedPipe
TerminateProcess
GetCommModemStatus
GetLocalTime
GetVersion
CloseHandle
FreeLibrary
DeleteFileA
CopyFileA
CreateFileA
CreateEventA
WaitForSingleObject
WriteFile
GetFileType

user32

IsClipboardFormatAvailable
KillTimer
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
GetWindowThreadProcessId
PostQuitMessage
PostThreadMessageA
RegisterClassA
RegisterWindowMessageA
SendMessageA
SetWindowsHookExA
ShowWindow
GetClipboardData
GetParent
GetWindowTextA
CharToOemBuffA
OemToCharBuffA
PostMessageA
EnumWindows
GetClassLongA
GetActiveWindow
FindWindowA
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
CloseClipboard
GetMessageTime
SetTimer
UnhookWindowsHookEx
GetClassNameA
UnregisterClassA
CallNextHookEx

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA

wsock32

send
WSAGetLastError
accept
bind
closesocket
connect
getsockname
ioctlsocket
listen
recv
WSACancelAsyncRequest
shutdown
inet_ntoa
inet_addr
gethostname
WSAAsyncSelect
WSAAsyncGetHostByName
socket
WSAStartup
WSACleanup

rasapi32

RasDialA
RasHangUpA

shell32

ShellExecuteA

Exports

Exports

init

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 840B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9047c16356e93fb89698dee51e1b5e15

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

rasapi32

shell32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.bss Size: - Virtual size: 840B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.bss
Size: - Virtual size: 840B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 2KB