7fefada4cef69f76f4bf778cfc3866f5

Sharing

Copy URL Twitter E-mail

General

Target

7fefada4cef69f76f4bf778cfc3866f5
Size

42KB
MD5

7fefada4cef69f76f4bf778cfc3866f5
SHA1

483323cfce80e53dc1aa6308bde156cc7bc90e72
SHA256

c6e4a70b2e8159f8ac2a491a1d681337c129bcc1d92b2e8c58ae2ac05bbb6cb6
SHA512

64a1f0c1c89095de62ca73a4a4191743346a36f417c26863436676481d29c024245775f8cd2dc6f5c1be1d63a30a886d366502c23b5c84b394a4217a4c6c75ba
SSDEEP

384:l6lwO/lCjUX0/O/HIJ0w8VKQ11UtZJA9LzsF0rhAcvL4Zz789YeyqFcZ9Ex5rdYZ:MlSj1/mIJmJct4pXAM0J89LJrdDZoJG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fefada4cef69f76f4bf778cfc3866f5

Files

7fefada4cef69f76f4bf778cfc3866f5
.dll windows:4 windows x86 arch:x86

67dbc24e792ed8c6eb98028a04a3d7ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA
RegDeleteValueA
CreateProcessAsUserA
OpenProcessToken
ConvertSidToStringSidA
GetTokenInformation
OpenThreadToken

ws2_32

gethostbyname
gethostname
socket
WSAStartup
closesocket
inet_addr
recv
send
connect
htons
WSAGetLastError
WSACleanup
inet_ntoa

msvcrt

_adjust_fdiv
malloc
_initterm
free
_vsnprintf
_wcslwr
_access
isdigit
rand
_itoa
time
srand
memmove
__CxxFrameHandler
isalpha
sprintf
strncpy
strstr
atoi
strchr
wcslen
_strlwr
strrchr
_snprintf
exit
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

FormatMessageA
SetEndOfFile
SetFileAttributesA
GetSystemTime
GetShortPathNameA
LoadLibraryA
GetProcAddress
GetTickCount
SleepEx
GetModuleHandleA
LoadLibraryExA
GetWindowsDirectoryA
OpenEventA
VirtualFree
VirtualAlloc
CopyFileA
ReleaseSemaphore
CreateSemaphoreA
CompareFileTime
Sleep
MoveFileA
OpenThread
LocalFree
OpenProcess
GlobalFree
SystemTimeToFileTime
GetLocalTime
GetVersion
lstrcmpA
FindNextFileA
FindClose
lstrcmpiA
GetTempFileNameA
FileTimeToLocalFileTime
MultiByteToWideChar
GetDriveTypeA
GetDiskFreeSpaceExA
TerminateThread
lstrlenW
CreateDirectoryA
CloseHandle
ReadFile
lstrcpynA
GetLastError
SetFilePointer
GetFileSize
ExitThread
CreateThread
WaitForSingleObject
WriteFile
DeleteFileA
GetComputerNameA
lstrlenA
lstrcatA
lstrcpyA
GetVersionExA
MoveFileExA
GetSystemDirectoryA
GetModuleFileNameA
WideCharToMultiByte
GetModuleFileNameW
DisableThreadLibraryCalls

user32

GetMessageA
wsprintfA
PeekMessageA

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpOpen

shlwapi

StrToIntA
wnsprintfA
StrStrIA

Exports

Exports

CRestart
CRestartA
ServiceMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67dbc24e792ed8c6eb98028a04a3d7ed

Headers

File Characteristics

Imports

advapi32

ws2_32

msvcrt

kernel32

user32

winhttp

shlwapi

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 55KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 55KB

.reloc
Size: 3KB - Virtual size: 3KB