8ffa818510a7a5dcac43c81a86de840b

Sharing

Copy URL Twitter E-mail

General

Target

8ffa818510a7a5dcac43c81a86de840b
Size

34KB
MD5

8ffa818510a7a5dcac43c81a86de840b
SHA1

5cb601eff26d06e20264b9d9263ee70e061a27c9
SHA256

251dcdde4e50e2d89e18cecd5b13939154f277e1509d0ed42f04ad7483f4a84c
SHA512

4ab2a7568daa33db70b08573e9d44145b224d9509c9b030fbb750c8a6b6e4b4d284e54e842058b5dc3b57de9500d191358717a2db98c9bde61135542e43c27a5
SSDEEP

768:Uo+jo0nl0dpXE6XxqSfbwKSZeOXN+tjWDtHO8fARxCZf75ZOJT:UJU0EBBnbHGX6jgtH77vK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ffa818510a7a5dcac43c81a86de840b

Files

8ffa818510a7a5dcac43c81a86de840b
.dll windows:4 windows x86 arch:x86

7e9f9de3a773473c8adaae4265a828e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
GetProcAddress
ReadProcessMemory
GetModuleHandleA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
GlobalAlloc
LoadLibraryA
GetCurrentThreadId
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
GetSystemDirectoryA
TerminateProcess

user32

CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
GetWindowTextA
FindWindowA

imagehlp

ImageLoad
ImageUnload

shlwapi

PathFileExistsA

msvcrt

malloc
_strnicmp
_adjust_fdiv
_strupr
_strlwr
_stricmp
_initterm
free
wcslen
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
atoi
??3@YAXPAX@Z
strncpy
strchr
strstr
fclose
fread
fopen
strcmp

wininet

InternetReadFile
InternetCloseHandle

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e9f9de3a773473c8adaae4265a828e7

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

shlwapi

msvcrt

wininet

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 4KB

sdt Size: 512B - Virtual size: 140B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 4KB

sdt
Size: 512B - Virtual size: 140B

.reloc
Size: 3KB - Virtual size: 3KB