8d823085da3ffad25f4692cf58b57e22

General

Target

8d823085da3ffad25f4692cf58b57e22
Size

40KB
MD5

8d823085da3ffad25f4692cf58b57e22
SHA1

f076482f0e9f65066319901fef9c8e7f6e9655c6
SHA256

60f4038b7191658daf2319d7bc439332355a8d215466b137df12f73711439c5b
SHA512

df8495540fa2a29140096388488206552278c8421344d5d1b9758caf85f0213b680975c80f19659f5cf4138465517b2b73281fa383eb4a62366a8c9925cea1b7
SSDEEP

384:DOCQzT8+mTjegjGvco/Iwm8Qbtj4FNw32gYk3NXsDMWtq199+3YBvC9DOZUu:yfzntDlmihgYONcY99RVJZz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d823085da3ffad25f4692cf58b57e22

Files

8d823085da3ffad25f4692cf58b57e22
.dll windows:4 windows x86 arch:x86

691c8f775985f388b6570eb3abd6c363

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
ReadProcessMemory
GetPrivateProfileStringA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GetCommandLineA
GetTickCount
RaiseException
GetLocalTime
GetCurrentThreadId
SetUnhandledExceptionFilter
SetThreadContext
OpenThread
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
GetProcAddress

user32

GetWindowTextA
CallNextHookEx
GetWindowThreadProcessId

imagehlp

ImageLoad
ImageUnload

msvcrt

_strupr
_strlwr
_strcmpi
_stricmp
wcslen
atol
srand
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
strncpy
strstr
strcmp
__CxxFrameHandler
rand

Exports

Exports

kingsoft
trte

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewrw
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

691c8f775985f388b6570eb3abd6c363

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 14KB

ewrw Size: 4KB - Virtual size: 140B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 14KB

ewrw
Size: 4KB - Virtual size: 140B

.reloc
Size: 4KB - Virtual size: 2KB