7ff4008f285aca8a4e552448b5027651

Sharing

Copy URL

Twitter E-mail

General

Target

7ff4008f285aca8a4e552448b5027651
Size

35KB
MD5

7ff4008f285aca8a4e552448b5027651
SHA1

2aeb0e87b0d97de1db98761442a64d588bd24edb
SHA256

c5ed89675907bbe99893882cb9c55e2c7045118889776d3c7f597b1344699e4d
SHA512

a04a0dcd5c273591ccc40b2ce25759dcc93deb74c6973d72d81b4627c005022d8523331e93e1f44c96fecc3aa4cb12a27bc65f20166cb1651100a50c72977961
SSDEEP

768:jR9aSDl6HFAFC9JgkAkCVWZ2ebuDSpC7Vaa7S:jRLl6HFAc9Jp/UWdwt7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ff4008f285aca8a4e552448b5027651

Files

7ff4008f285aca8a4e552448b5027651
.dll windows:4 windows x86 arch:x86

21ebde06e8e5336c63b1197aee4fea00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetSystemDirectoryA
CreateThread
GetModuleFileNameA
IsBadReadPtr
VirtualAlloc
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
ReadFile
GetTickCount
lstrcmpiA
lstrcmpA
WinExec
GetCurrentProcess
ExitProcess
Sleep
lstrlenA
lstrcpynA
CreateFileA
WriteFile
CloseHandle
lstrcpyA
GetTempPathA
lstrcatA
VirtualProtect
OutputDebugStringA

user32

GetWindowThreadProcessId
IsRectEmpty
ReleaseDC
DialogBoxParamA
ExitWindowsEx
GetWindowLongA
SetWindowLongA
FindWindowExA
GetDlgItem
SendMessageA
GetWindowTextA
EndDialog
ShowScrollBar
GetDC
LoadImageA
FindWindowA
PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
GetActiveWindow
IsIconic
IsWindowVisible
GetSystemMetrics
EnumWindows
GetClassNameA
GetForegroundWindow
GetCursorPos
SetLayeredWindowAttributes

gdi32

BitBlt
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
SelectPalette
RealizePalette
GetDIBits
SetBkColor
SetTextColor
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetObjectA
StretchBlt

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA

wininet

InternetCheckConnectionA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetQueryDataAvailable

ws2_32

inet_ntoa
gethostbyname

gdiplus

GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

netapi32

Netbios

msvcrt

sprintf
atoi
strstr
free
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
memmove
strchr
sscanf
strrchr

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21ebde06e8e5336c63b1197aee4fea00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

netapi32

msvcrt

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 47KB

.rsrc Size: 512B - Virtual size: 264B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 47KB

.rsrc
Size: 512B - Virtual size: 264B

.reloc
Size: 3KB - Virtual size: 2KB