7fbba5080cfb5617ec6ae6a5dce9a8b8

Sharing

Copy URL Twitter E-mail

General

Target

7fbba5080cfb5617ec6ae6a5dce9a8b8
Size

100KB
MD5

7fbba5080cfb5617ec6ae6a5dce9a8b8
SHA1

39425a8d962320edfd0ddbd071f53b521bf08c0b
SHA256

e98e8954200a7aaaf3c97be757aad76225adabc68262b97e50ba6b28d6018763
SHA512

c04d0a9e3f872af64a5c859ea958165a961145b0c48bfc8744d85923533b66e77f5beec213443e470b7bf9eb1b30fa1c554d7834792dc9b3e2a966f1cba0d638
SSDEEP

3072:yRCdAqWHqkgIM/gX8L8SgHv3saczijPgzT:yRHhFXCle3s1ijU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fbba5080cfb5617ec6ae6a5dce9a8b8

Files

7fbba5080cfb5617ec6ae6a5dce9a8b8
.dll windows:4 windows x86 arch:x86

00cfd8336d182a934fbd429eab22fe74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcess
GetExitCodeThread
ExitProcess
CreateEventW
MoveFileExA
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
TerminateProcess
GetModuleFileNameA
MoveFileA
WaitForMultipleObjects
LoadLibraryExA
GetModuleHandleA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
WinExec
CreateFileW
lstrcatW
GetTempPathW
LocalSize
GetCommandLineA
GetCurrentProcessId
OpenThread
OpenProcess
GetExitCodeProcess
Process32First
GetTickCount
lstrcmpiA
CopyFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
FindFirstFileA
LocalReAlloc
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVersion
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
Sleep
CancelIo
InterlockedExchange
lstrcpynA
lstrcpyA
lstrlenA
LocalAlloc
LocalFree
ResetEvent
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
CreateEventA
WaitForSingleObject
TerminateThread
CloseHandle
Process32Next
GetComputerNameA
GetTempPathA
SleepEx
GetLocalTime
GetTempFileNameA
PeekNamedPipe

user32

keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
SystemParametersInfoA
GetDesktopWindow
ReleaseDC
GetCursorPos
GetCursorInfo
CreateWindowExA
PostMessageA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CreateDesktopA
GetWindowTextW
FindWindowW
ExitWindowsEx
GetWindowThreadProcessId
OpenDesktopA
SendMessageA
BlockInput
DestroyCursor
LoadCursorA
CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
CloseWindow
IsWindow
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
CharNextA
PeekMessageA

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

CreateProcessAsUserA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
GetUserNameA
OpenProcessToken
ConvertSidToStringSidA
GetTokenInformation
OpenThreadToken
RegQueryValueExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegDeleteKeyA
SetServiceStatus
DuplicateTokenEx
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerA

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

_stricmp
_strlwr
isalpha
_strupr
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
wcslen
_access
wcsstr
strtok
strncpy
realloc
exit
_strnicmp
_vsnprintf
sprintf
strcat
_snprintf
strrchr
strncat
_except_handler3
free
strcmp
malloc
_CxxThrowException
memcmp
time
srand
rand
strchr
strcpy
atoi
strstr
strlen
_ftol
ceil
memmove
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
memset

winmm

waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutOpen
waveOutGetNumDevs
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutClose
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSACleanup
WSAIoctl
setsockopt
gethostbyname
closesocket
connect
ntohs
htons
WSAGetLastError
socket
getsockname
gethostname
send
select
recv
inet_addr
WSAStartup

dnsapi

DnsQuery_A
DnsRecordListFree

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

dbghelp

MakeSureDirectoryPathExists

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationA
WTSEnumerateProcessesA
WTSFreeMemory
WTSEnumerateSessionsA

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvfw32

ICSeqCompressFrame
ICOpen
ICSeqCompressFrameStart
ICSendMessage
ICCompressorFree
ICSeqCompressFrameEnd
ICClose

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ExRundll
ExRundllA
ExRundllW
ExtensionFunVer1
ProtectFunVer2
ServiceMain

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00cfd8336d182a934fbd429eab22fe74

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

dnsapi

msvcp60

dbghelp

wtsapi32

imm32

wininet

msvfw32

psapi

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 11KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB