8e7775a07559ddcb5b653134e9ecb750

Sharing

Copy URL Twitter E-mail

General

Target

8e7775a07559ddcb5b653134e9ecb750
Size

96KB
MD5

8e7775a07559ddcb5b653134e9ecb750
SHA1

56a341b2d712d1f4209ec76281166b5f763d063c
SHA256

22ef1e168487f2de12aa15cac7100d0f2a24f8cfc276d6eb2c9577bdbdb37447
SHA512

ecd39dde77c477084db385e52282c411fa6710a49389efa6afe842c6a3bfae27b118f15b71b86dc5ef995b6ecfab51fd84282cadbb23558031bb33a3f32c6571
SSDEEP

1536:S0qTkMxnufzfMXT/vkf6txMIwzKeO54qDjVRMfOYtyilIJxr:xqx/4fD0aYhRMVyilIJp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e7775a07559ddcb5b653134e9ecb750

Files

8e7775a07559ddcb5b653134e9ecb750
.dll windows:4 windows x86 arch:x86

8796296c975698ccfec3b26bb280a83a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

DeleteService
StartServiceA
ControlService
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
RegEnumKeyExA
GetTokenInformation
LookupAccountSidA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ChangeServiceConfigA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
DeleteObject
DeleteDC
GetDeviceCaps

shlwapi

SHDeleteKeyA

user32

RegisterClassA
CreateWindowExA
IsWindow
SendMessageA
CloseWindow
DestroyWindow
UnregisterClassA
ExitWindowsEx
EnumWindowStationsA
wsprintfA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetDC
ReleaseDC
FindWindowA
ShowWindow
EnumDesktopsA

kernel32

GetLastError
CreateFileA
GetCurrentThreadId
GetModuleFileNameW
lstrcpyA
SetLastError
IsBadReadPtr
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
ReadProcessMemory
ResumeThread
VirtualProtectEx
CreateDirectoryA
GetSystemDirectoryA
GetVolumeInformationA
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
SetPriorityClass
GetPriorityClass
GetCurrentProcess
SetFilePointer
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
ReadFile
PeekNamedPipe
CreatePipe
WriteFile
GetDriveTypeA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
DeleteFileA
RemoveDirectoryA
GetProcessTimes
SetErrorMode
OutputDebugStringA
GetSystemInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
VirtualAlloc
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
GenerateConsoleCtrlEvent
WriteConsoleInputA
GetConsoleOutputCP
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
WaitForSingleObject
TerminateProcess
AllocConsole
FreeConsole
SetConsoleCtrlHandler
GetStdHandle
CreateConsoleScreenBuffer
SetConsoleScreenBufferSize
SetConsoleActiveScreenBuffer
CreateProcessA
DisableThreadLibraryCalls
ExitProcess
GetModuleHandleA
GetModuleFileNameA
ExpandEnvironmentStringsA
GetCurrentProcessId
CreateThread
CloseHandle
GetTickCount
Sleep
LoadLibraryA
GetProcAddress
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
FreeLibrary
DeleteCriticalSection
GetDiskFreeSpaceExA
InitializeCriticalSection
IsBadCodePtr
IsBadWritePtr
RtlUnwind
GetCommandLineA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

CapApiClose
CapApiCreate
CapApiOpen
CapApiQuery
CapApiWorker

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.MaskPE
Size: 512B - Virtual size: 339B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8796296c975698ccfec3b26bb280a83a

Headers

File Characteristics

Imports

advapi32

gdi32

shlwapi

user32

kernel32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.MaskPE Size: 512B - Virtual size: 339B

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.MaskPE
Size: 512B - Virtual size: 339B