8fc56ef0218f2f20a72ff70f07b0ec4f

Sharing

Copy URL

Twitter E-mail

General

Target

8fc56ef0218f2f20a72ff70f07b0ec4f
Size

80KB
MD5

8fc56ef0218f2f20a72ff70f07b0ec4f
SHA1

dcc87b534225e2724fc821b8c77ce58b9f7022f6
SHA256

89fa1e0005f5fb8c9da2248ed98a772c11d4c248d6271402dec2382a74662075
SHA512

42cc9b3654071761ce04149a08f5b43841d33d4dba6529b40fad695396223e20f861eed85e5312fff492c3e4ead19839bba84cf6c677c0ddf1f1f7dd4399e55d
SSDEEP

1536:rqd36AO/+nuHu2pYNTklPRb+92nSlSwYRLYyhSd:rA3Y/kKu2mMb9nSlSwYRLYys

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fc56ef0218f2f20a72ff70f07b0ec4f

Files

8fc56ef0218f2f20a72ff70f07b0ec4f
.dll regsvr32 windows:4 windows x86 arch:x86

4e5acf111bc67c01f64d2da65bb2cd48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetLastError
CreateFileA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
TerminateThread
Sleep
GetWindowsDirectoryA
DeleteFileA
TerminateProcess
WaitForSingleObject
CreateProcessA
MultiByteToWideChar
GetTempPathA
SetLastError
DisconnectNamedPipe
MapViewOfFile
CreateFileMappingA
CreateEventA
GetSystemInfo
UnmapViewOfFile
InterlockedExchange
GetCurrentThreadId
InterlockedCompareExchange
SetEvent
FlushFileBuffers
SetStdHandle
LoadLibraryA
CloseHandle
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetLocalTime
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
ExitProcess
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapFree
HeapAlloc
TlsAlloc
TlsFree
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

wsprintfA

shell32

ShellExecuteA

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord30
ord58
ord32
ord57
ord18
ord15
ord16
ord21
ord23
ord31

ws2_32

send
closesocket
recv
connect
socket
inet_addr
htons
WSACleanup
gethostbyname
WSAStartup
inet_ntoa

netapi32

Netbios

winhttp

WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e5acf111bc67c01f64d2da65bb2cd48

Headers

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

atl

ws2_32

netapi32

winhttp

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB