7e1d04c92ec5305b52d2cb67f36caed1

Sharing

Copy URL Twitter E-mail

General

Target

7e1d04c92ec5305b52d2cb67f36caed1
Size

410KB
MD5

7e1d04c92ec5305b52d2cb67f36caed1
SHA1

bdff03dbf2facbf5103f99302b2f5015a95d856e
SHA256

e9a810506265c08b5d5ccd6d77c93d067efeccaec6ac7fdf6950f256ab5578e6
SHA512

4d8f0788fe8c932800200a52bb48c060d416d192e248f89700c3e471c04de1465176ac3303dba7699068b21e15ee2087396b36858165d47fa0284ee7ad0a8bf4
SSDEEP

12288:/U2M7/WhIX3H3L5bG2LiaTYUjU4Uzg1RQ:M2Y/WhInXw2LRY41UKRQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e1d04c92ec5305b52d2cb67f36caed1

Files

7e1d04c92ec5305b52d2cb67f36caed1
.dll windows:4 windows x86 arch:x86

f6e45bf8307390522f65b389accd9148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

dnsapi

DnsReplaceRecordSetW

kernel32

LocalSize
lstrcmpiW
GetVolumeInformationW
CloseHandle
GetVersionExA
SizeofResource
TerminateProcess
EnterCriticalSection
GetShortPathNameW
LoadResource
InterlockedCompareExchange
GetTickCount
ExpandEnvironmentStringsW
GlobalLock
GetProfileStringW
GetCurrentProcessId
FormatMessageW
TlsSetValue
SetUnhandledExceptionFilter
CreateThread
UnhandledExceptionFilter
GetModuleHandleW
GetDriveTypeW
GlobalFree
LoadLibraryA
GetCurrentDirectoryW
LoadLibraryW
GetModuleHandleA
GetLocaleInfoW
DelayLoadFailureHook
TlsGetValue
SetEvent
SetLastError
LocalReAlloc
FindNextFileW
InitializeCriticalSectionAndSpinCount
CreateEventW
InterlockedIncrement
FindResourceExW
GetSystemTimeAsFileTime
lstrcpynW
LocalAlloc
GetFullPathNameW
DeleteCriticalSection
GetUserDefaultLCID
WaitForSingleObject
lstrlenA
GetSystemDefaultUILanguage
CreateFileW
FreeLibrary
DisableThreadLibraryCalls
lstrcpyA
GetACP
GlobalUnlock
GlobalReAlloc
FindClose
InterlockedExchange
GetFileAttributesW
GetModuleFileNameW
FreeResource
MulDiv
WideCharToMultiByte
FindResourceA
GlobalAlloc
lstrcmpW
InterlockedDecrement
LockResource
LocalFree
GetLastError
TlsFree
TlsAlloc
LeaveCriticalSection
MultiByteToWideChar
ResetEvent
FindFirstFileW
GetProcAddress
SetCurrentDirectoryW
lstrlenW
DeleteFileW
QueryPerformanceCounter
FreeLibraryAndExitThread
GetCurrentProcess
GetProcessVersion
lstrcpyW
GetTempFileNameW
SetErrorMode
FindResourceW
GetCurrentThreadId

mswsock

GetAcceptExSockaddrs
AcceptEx

ntdll

NtAllocateVirtualMemory
_vsnwprintf
RtlUnicodeToMultiByteSize
RtlAnsiStringToUnicodeString
_wcsicmp
wcslen
NtQueryVirtualMemory
RtlInitUnicodeStringEx
RtlUnicodeStringToAnsiString
strlen
_chkstk
RtlUnwind

userenv

RsopSetPolicySettingStatus

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6e45bf8307390522f65b389accd9148

Headers

File Characteristics

Imports

ole32

dnsapi

kernel32

mswsock

ntdll

userenv

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 33KB - Virtual size: 32KB

.rdata Size: 360KB - Virtual size: 359KB

.data Size: 8KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 33KB - Virtual size: 32KB

.rdata
Size: 360KB - Virtual size: 359KB

.data
Size: 8KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 20B