7fb81b98bb77b54c2f69ab7c19d8bc25

Sharing

Copy URL

Twitter E-mail

General

Target

7fb81b98bb77b54c2f69ab7c19d8bc25
Size

605KB
MD5

7fb81b98bb77b54c2f69ab7c19d8bc25
SHA1

bfd82e8164088d905576f66f2010e5f1fb1e892f
SHA256

6700cc014e9ef5473a909a0c10d644661ccd0750ca942abd458cec91e32bf551
SHA512

6a42a3b31cdd34436f92f6eeb29e968a81cde00a69adcae8174231faa9bc7e9ec0f5d4a5f419591cb425ddff936f11a6493310f24f8f3ea83f3993e07996efb5
SSDEEP

12288:/edbxfx8d3fbkRXgeSVpZJosJe9ln3KuUliVjjP:/e3fYYRk/Xw9t3KniV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

7fb81b98bb77b54c2f69ab7c19d8bc25

resource
7fb81b98bb77b54c2f69ab7c19d8bc25

Files

7fb81b98bb77b54c2f69ab7c19d8bc25
.dll windows:6 windows x86 arch:x86

d1717eaefe1fb17487eba111c4bda688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\346\front\Both\show \heav\second.pdb

Imports

kernel32

LocalAlloc
LocalFree
VirtualProtect
FlushFileBuffers
TlsAlloc
CreateEventW
GetTempPathW
GetWindowsDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
CloseHandle
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapAlloc
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
GetStdHandle
WriteFile
IsProcessorFeaturePresent
GetLastError
HeapValidate
GetSystemInfo
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
GetProcessHeap
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
LCMapStringW
CreateFileW

user32

GetMessageW
RegisterClassExA
EndDialog
CloseClipboard
SystemParametersInfoW
MapDialogRect
LoadIconW
OffsetRect
FrameRect
ClientToScreen
GetWindowTextLengthW
ReleaseCapture

msdmo

MoFreeMediaType
MoDeleteMediaType
MoDuplicateMediaType
MoInitMediaType

Exports

Exports

Stick
Teethhave

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1717eaefe1fb17487eba111c4bda688

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msdmo

Exports

Exports

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 252KB - Virtual size: 252KB

.data Size: 5KB - Virtual size: 644KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 252KB - Virtual size: 252KB

.data
Size: 5KB - Virtual size: 644KB

.reloc
Size: 9KB - Virtual size: 9KB