7f7298f1516e6c3383d5f00a82bbce20

Sharing

Copy URL Twitter E-mail

General

Target

7f7298f1516e6c3383d5f00a82bbce20
Size

560KB
MD5

7f7298f1516e6c3383d5f00a82bbce20
SHA1

5f34e98ba133ad8b560d45147d1f0a0e2f1cc8e9
SHA256

f1bbef669b79f15132c1fa435f48f479649966e23608effdb73c739e7efeb640
SHA512

bdc2845723e05a69f4f7cdb36dba4643ab8450cbb703bcea1edc4a24115d1aa348af7b930550624fe3330880476f4eda20ae542e368afc2239a3ad7582874a41
SSDEEP

3072:BJBCvsW1Rw46DkYcywHtlJxgtO+Uk+F7r7aMidCDsK/nwJRHYaJQz5B8bACz9RYg:BbCMf/SDL0cZwJR4aynMf1diS2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f7298f1516e6c3383d5f00a82bbce20

Files

7f7298f1516e6c3383d5f00a82bbce20
.dll windows:4 windows x86 arch:x86

959c4187e8362053c2f9c1487bb8f2be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\prj\mok_20111012\release\scottgriffin.pdb

Imports

wininet

HttpOpenRequestA
InternetSetFilePointer
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetOpenUrlA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
HttpQueryInfoA

kernel32

GetStringTypeW
SetEndOfFile
LCMapStringW
GetLastError
GetProcAddress
CompareStringA
InterlockedExchange
LoadLibraryA
FreeLibrary
CompareStringW
GetLocaleInfoA
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemDirectoryA
CreateProcessA
CloseHandle
lstrlenA
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
LoadLibraryW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
SetEnvironmentVariableA
FlushFileBuffers
GetThreadLocale
GetVersionExA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetModuleHandleA
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
GetFileType
CreateFileA
GetTimeZoneInformation
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
ReadFile

user32

UnregisterClassA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
RegSetValueExA

Exports

Exports

ServiceMain
_HandlerEx@16

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959c4187e8362053c2f9c1487bb8f2be

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 316KB - Virtual size: 314KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 316KB - Virtual size: 314KB

.reloc
Size: 20KB - Virtual size: 18KB