7ad4a6c012ad3d5a43dcccd7e628c267

Sharing

Copy URL

Twitter E-mail

General

Target

7ad4a6c012ad3d5a43dcccd7e628c267
Size

72KB
MD5

7ad4a6c012ad3d5a43dcccd7e628c267
SHA1

cba95724a9504743bf283d73799ee04f8192cef2
SHA256

176429878efa62b297913fdf92970c5451246aaf4ea68cc36e7e99f1f7763c82
SHA512

79eba31b62ec2d80c643807ebfb7bf5375b394a947c6670e77561dc5d1ddccc27289961d648ad3d670ffa07d0dfdc97b3f3f7567fdbe1fe4f233bcc0c13225a4
SSDEEP

1536:pp9MBaufteVVTGxZOQoDdYsHY9qDTYaTPVixP9OZ:pp9MBaWEvGK1T6qYIPkjOZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ad4a6c012ad3d5a43dcccd7e628c267

Files

7ad4a6c012ad3d5a43dcccd7e628c267
.dll windows:4 windows x86 arch:x86

ff54148d984ded4e173d79509282abc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2077
ord2029
ord535
ord523
ord1247
ord791
ord6394
ord5450
ord6383
ord5440
ord823
ord2763
ord4129
ord926
ord5710
ord922
ord2764
ord4278
ord860
ord537
ord941
ord3663
ord939
ord3811
ord2820
ord858
ord2818
ord825
ord540
ord800

msvcrt

??1exception@@UAE@XZ
__dllonexit
memmove
_stat
fread
sscanf
sprintf
fwrite
free
fclose
_except_handler3
strncmp
strchr
printf
atoi
malloc
_mbscmp
__CxxFrameHandler
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fopen
_strnicmp

kernel32

GetShortPathNameA
CloseHandle
LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
OpenProcess
FreeLibrary
SetCurrentDirectoryA
GetSystemInfo
GetVersionExA
GetTickCount
GetComputerNameA
TerminateProcess
TerminateThread
CreateProcessA
GetCurrentDirectoryA
DisconnectNamedPipe
WaitForMultipleObjects
DuplicateHandle
GetCurrentProcess
CreatePipe
GetLastError
ReadFile
PeekNamedPipe
WriteFile
FindNextFileA
DeleteFileA
ExitThread
FindFirstFileA
CreateFileA
CreateThread
CreateMutexA
DisableThreadLibraryCalls
WaitForSingleObject
lstrlenA
Sleep
GetDriveTypeA
GetVolumeInformationA
GetSystemDirectoryA
GlobalMemoryStatus
GetModuleFileNameA

user32

TranslateMessage
ExitWindowsEx
wsprintfA
PeekMessageA
DispatchMessageA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
RegDeleteKeyA
DeleteService
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegSetValueExA

ws2_32

listen
__WSAFDIsSet
connect
bind
inet_addr
WSASetLastError
accept
WSAStartup
send
closesocket
WSACleanup
ntohs
gethostname
gethostbyname
inet_ntoa
recv
socket
setsockopt
htonl
select
htons
WSAGetLastError

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

msvcirt

??0fstream@@QAE@XZ
??1ios@@UAE@XZ
??1fstream@@UAE@XZ
?close@fstream@@QAEXXZ
??_Dfstream@@QAEXXZ

iphlpapi

GetUdpTable
GetTcpTable

msvcp60

??1bad_alloc@std@@UAE@XZ
??_7bad_alloc@std@@6B@

Exports

Exports

_DllMain@12

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff54148d984ded4e173d79509282abc1

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

psapi

msvcirt

iphlpapi

msvcp60

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB