8f89afac888992199ba4dc0a399341e3

Sharing

Copy URL Twitter E-mail

General

Target

8f89afac888992199ba4dc0a399341e3
Size

126KB
MD5

8f89afac888992199ba4dc0a399341e3
SHA1

90c8f0065066661ebe055300697e71979bd6e099
SHA256

0a4d29a6c7322172dd279da9abb5b67b7615a71d52d2090d6194b6a62d61821c
SHA512

98596851a88c74370a28da1021c4e079e82bdd5ee6f9931d1482315ec3254f4472e94c8b2d9a1e55ad2edc350cdde845b940a4f5a4c3143338b6a358a4f3fd6a
SSDEEP

3072:SUsMeaU2UGrVNC0h4bWXweZyRE0lzpxV:TsMeaU2UGrbqbwf2px

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f89afac888992199ba4dc0a399341e3

Files

8f89afac888992199ba4dc0a399341e3
.dll windows:4 windows x86 arch:x86

6201d3c1ca61c2f2b8b14f0443956e4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateRemoteThread
GetProcAddress
GetModuleHandleA
OpenProcess
WriteProcessMemory
VirtualAllocEx
CreateThread
GlobalFree
GetFullPathNameA
GetModuleFileNameA
GlobalAlloc
MultiByteToWideChar
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
GetLastError
SetPriorityClass
GetCurrentProcess
DeleteFileA
WriteFile
CreateFileA
LoadLibraryA
GetFileSize
FreeLibraryAndExitThread
lstrcpynA
GetTickCount
SetEvent
InitializeCriticalSection
GetSystemTime
CreateEventA
SetFilePointer
OpenFile
SetLastError
ExpandEnvironmentStringsA
ReadFile
WinExec
CreateProcessA
GetStartupInfoA
CreateMutexA
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
TerminateThread
DeleteCriticalSection
ExitThread
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
CloseHandle
Sleep
lstrcpyA
lstrcatA
IsBadWritePtr
lstrlenA
FlushFileBuffers
GetSystemInfo
VirtualProtect
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
WideCharToMultiByte
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
VirtualQuery
InterlockedExchange
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
RtlUnwind
RaiseException

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
CloseServiceHandle
RegDeleteValueA

user32

wsprintfA
wsprintfW

ws2_32

WSACleanup
inet_addr
setsockopt
bind
listen
select
WSAGetLastError
getsockopt
ntohs
getsockname
gethostname
inet_ntoa
__WSAFDIsSet
accept
ioctlsocket
recv
WSAStartup
socket
gethostbyname
htons
connect
send
closesocket
shutdown

shlwapi

PathFileExistsA
StrToIntA

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6201d3c1ca61c2f2b8b14f0443956e4f

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

shlwapi

wininet

ole32

oleaut32

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 20KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 20KB

.reloc
Size: 9KB - Virtual size: 9KB