88b75f959016b09fcab4bc30378818ad

Sharing

Copy URL Twitter E-mail

General

Target

88b75f959016b09fcab4bc30378818ad
Size

204KB
MD5

88b75f959016b09fcab4bc30378818ad
SHA1

4934f7de7097399731a11f94a63c99f566c35c90
SHA256

0063f68c20ac7f4c2bed78e78805ed7ec17e76a68d5a87192ed0312e2c26f381
SHA512

83cce0de71b54b123bae1eda4ad8278605f25997c2eac3851b25d11200a2f39f5b0ab20e443e74431550baaef4feafbcfacbefa87c363100f67a0d357c7b3bfe
SSDEEP

6144:i2Llc6QDwcET3d7B9+ksG/Piv/TBhAAOrK2FV:iY3QDWTt77+kl/Piv/TfAJz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88b75f959016b09fcab4bc30378818ad

Files

88b75f959016b09fcab4bc30378818ad
.dll windows:5 windows x86 arch:x86

9b1a4aeade69d0813ac4c01d804cd315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
FindFirstFileA
GetLastError
FindClose
FindNextFileA
CloseHandle
DeleteFileA
ExitProcess
WriteFile
Sleep
CreateEventA
SetCurrentDirectoryA
GetFullPathNameW
FindFirstFileW
MoveFileExA
SetFilePointer
GetFileSize
CreateFileA
GetSystemDirectoryA
GetVolumeInformationA
VirtualAlloc
FreeLibrary
VirtualFree
HeapSize
WriteConsoleW
GetFileType
CreateFileW
HeapFree
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
GetProcAddress
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
HeapCreate
HeapDestroy
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FlushFileBuffers
RtlUnwind
GetStringTypeW
LoadLibraryW
RaiseException

advapi32

RegCreateKeyA
SetServiceStatus
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA
ord165

Exports

Exports

ServiceMain
StartUsbChecker

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b1a4aeade69d0813ac4c01d804cd315

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB