8cd8150ad16ae168d91782403e028a7d

Sharing

Copy URL Twitter E-mail

General

Target

8cd8150ad16ae168d91782403e028a7d
Size

3.4MB
MD5

8cd8150ad16ae168d91782403e028a7d
SHA1

f71db5f75d650cafea47f33771b23144751884ad
SHA256

1c378d980235ec8eaa007ce91be932fd5ed2ec28a9389235504c9a75d90f8948
SHA512

24b57e22a0286620388098fd211eeea38442fe17c810ec8f7bc0cf7b041c9bc9d333bb0856a0fe510d323c3d109a796bea543483ed61b80ba56ff56e86f976b4
SSDEEP

49152:/vmhk9lNGsavni5ezBDsLEd/epebhImxrbDL6u4SpdwcXf1Y+nWPmxmcr9lQ:/vmhk/0safiOW+/6sFz5HW+nWeHpl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cd8150ad16ae168d91782403e028a7d

Files

8cd8150ad16ae168d91782403e028a7d
.dll windows:6 windows x86 arch:x86

c0a765a974d9a4b1918c7f3d4b4dd5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAGetLastError
gethostbyname
closesocket
__WSAFDIsSet
WSASetLastError
connect
WSAStartup
inet_addr
WSASocketW
select
htons
WSAEnumProtocolsW
WSACleanup
recv
socket
send

kernel32

CreateFiber
WideCharToMultiByte
FindNextFileW
FindFirstFileW
MultiByteToWideChar
FindClose
GetProcAddress
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SwitchToFiber
LoadLibraryA
LoadLibraryW
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
HeapSize
GetCurrentDirectoryW
CreateFileA
DeleteFiber
InterlockedExchangeAdd
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedCompareExchange
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemTime
SystemTimeToFileTime
SetLastError
GetLastError
LocalFree
WriteFileEx
CloseHandle
CancelIo
WaitCommEvent
CreatePipe
GetTapeParameters
GetCommMask
SetCurrentDirectoryW
CreateFileW
CreateEventW
CreateFileMappingW
LocalAlloc
CreateFileMappingA
GetLocalTime
SetFileAttributesA
BackupRead
LCMapStringA
GetNamedPipeHandleStateW
GetOverlappedResult
GetVolumeInformationA
GetGeoInfoW
GetProcessHeap
SleepEx
CreateHardLinkA
HeapFree
lstrlenA
GetFullPathNameW
RtlUnwind
LCMapStringW
GetStringTypeW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetTickCount
GetEnvironmentStringsW
GetDriveTypeW
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FreeLibrary
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
Sleep
RaiseException
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
HeapAlloc
DecodePointer
GetCommandLineA
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
EncodePointer
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetCPInfo

user32

ReleaseCapture
GetSysColor
RedrawWindow
SendMessageW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
PtInRect
GetWindowThreadProcessId

advapi32

LsaClose
CreateServiceW
OpenServiceA
CloseServiceHandle
PrivilegedServiceAuditAlarmA
DeleteService
CredReadDomainCredentialsA
OpenEventLogW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CloseEventLog
TreeResetNamedSecurityInfoA
FreeEncryptionCertificateHashList
GetServiceDisplayNameA
IsValidSecurityDescriptor
BackupEventLogW
OpenSCManagerA
ReadEventLogW
EnumServicesStatusW
InitializeAcl
CredWriteW
SetFileSecurityW
StartServiceW
QueryServiceObjectSecurity
CreatePrivateObjectSecurity
GetNumberOfEventLogRecords
GetFileSecurityW
InitializeSecurityDescriptor
CredFree
LsaSetDomainInformationPolicy
CreateServiceA
RegDisablePredefinedCache
AddAccessAllowedAceEx
LsaOpenPolicy
SetServiceObjectSecurity
CredRenameA
GetEffectiveRightsFromAclW
OpenBackupEventLogW
DestroyPrivateObjectSecurity

ole32

ReleaseStgMedium
OleIsRunning

oleaut32

SysStringLen

crypt32

CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

AlibeMonitor
CAN_ReadMsg
I2C_Interrupt_MasterHandler
I2S_ModeConfig
TIM_DeInit
TIM_GetIntCaptureStatus
UART_IrDAInvtInputCmd
WWDT_SetWindow

Sections

.text
Size: 927KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0a765a974d9a4b1918c7f3d4b4dd5ef

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 927KB - Virtual size: 926KB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 927KB - Virtual size: 926KB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 43KB - Virtual size: 43KB