ServiceMain
Static task
static1
Behavioral task
behavioral1
Sample
900dd5ea98920accb244626bb8e906e5.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
900dd5ea98920accb244626bb8e906e5.dll
Resource
win10v2004-20231215-en
General
Target
900dd5ea98920accb244626bb8e906e5
Size
72KB
MD5
900dd5ea98920accb244626bb8e906e5
SHA1
abfd4a966ed7e16ab2d77a0144174f128ca86e23
SHA256
d2a923f98882126af13521c99583c734b6818b7b515a4380fd54f2fb233d8248
SHA512
b6e1c487c635aa746ee71c7a1a1655e25fde4ed2f9a6de50c3b42bed7c6cbe039ed7ccb9e1c96827601a5bd4d5099635865b0c60676dede99019e58ef980e76a
SSDEEP
768:vJM3iaqavQLJ+3YlxNPTDSDrhTM+FN46J0n39h7ASQlKlo+oSovo0oOmoyowoIui:xM3iUgNPTOn5M+FN4rJUl3HrQZELlIl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 900dd5ea98920accb244626bb8e906e5
Files
900dd5ea98920accb244626bb8e906e5.dll windows:4 windows x86 arch:x86
53b08da1fe93de488836bb699f3a3be8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
PeekNamedPipe
WaitForSingleObject
SetEvent
TerminateProcess
WaitForMultipleObjects
CreateEventA
Sleep
GetStartupInfoA
CreatePipe
GetComputerNameA
TerminateThread
GetExitCodeThread
GetLastError
ReadFile
CreateFileA
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
CreateProcessA
CloseHandle
FlushFileBuffers
LCMapStringW
RtlUnwind
RaiseException
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
TlsAlloc
TlsFree
SetLastError
SetUnhandledExceptionFilter
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
advapi32
SetServiceStatus
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA
RegCloseKey
RegisterServiceCtrlHandlerA
ws2_32
WSAStartup
setsockopt
inet_addr
htons
socket
connect
send
recv
closesocket
WSAGetLastError
Exports
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ