97cb0dfd05a99ad1e7b78385286a0a87

Sharing

Copy URL Twitter E-mail

General

Target

97cb0dfd05a99ad1e7b78385286a0a87
Size

64KB
MD5

97cb0dfd05a99ad1e7b78385286a0a87
SHA1

7c3a50fa24bbc3cc9ee570e90ca132d6f53f045e
SHA256

4a4217e38cfa1630bf28eb38119f39f74fc6640f0a14d8414411746046ef7465
SHA512

23970f5f17aa41accc93fc13aa68d4585b62e7fbb5f2515794a09f12d9f8ec09ac8aae28ecc8e5f11798c42bb726a2d7ec4588bb7fd56473151244a59260404b
SSDEEP

768:F6y8ku8+4Axzy16z3qLuNd/7shiJ7GZHou2a1pacuiY3GSBdB6UjQF0N+cdp:P8d5BZL3qpkJAIumxiYppp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97cb0dfd05a99ad1e7b78385286a0a87

Files

97cb0dfd05a99ad1e7b78385286a0a87
.dll windows:4 windows x86 arch:x86

dd686a94727d2992f734216cabd08d52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
GetShortPathNameA
GetCurrentThreadId
GetTempPathA
DeleteFileA
GetProcAddress
GetModuleHandleA
VirtualFreeEx
WritePrivateProfileStringA
OutputDebugStringA
GetCurrentThread
OpenProcess
VirtualAllocEx
GetCurrentProcess
HeapFree
GetProcessHeap
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
DeviceIoControl
WriteProcessMemory
CreateMutexA
GetLocalTime
GlobalLock
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
FreeLibrary
GlobalFree
GlobalHandle
GlobalAlloc
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
GetVersionExA
TerminateProcess
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetCurrentProcessId
Sleep
GetSystemDirectoryA
InterlockedExchange
GetModuleFileNameA
CreateProcessA
SetFileAttributesA
CopyFileA
CloseHandle
OpenMutexA
CreateThread
CreateFileA
GlobalUnlock
GetFileInformationByHandle
RaiseException
LocalFree
GetLastError
HeapAlloc
SetUnhandledExceptionFilter
IsBadCodePtr

user32

SetTimer
SetThreadDesktop
GetMessageA
TranslateMessage
CloseDesktop
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
CreateWindowExA
DispatchMessageA
CloseWindowStation
GetPriorityClipboardFormat
SetClipboardViewer
IsCharAlphaNumericA
OpenDesktopA
SetProcessWindowStation
RegisterClassExA
OpenClipboard
GetClipboardData
GetWindowTextA
CloseClipboard
SendMessageA
DefWindowProcA
ChangeClipboardChain
PostQuitMessage
GetForegroundWindow

advapi32

CloseServiceHandle
ControlService
DeleteService
OpenSCManagerA
RegQueryValueExA
OpenServiceA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyA

msvcrt

memcmp
strncpy
fread
fopen
fprintf
memcpy
_strlwr
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
printf
rename
atol
sscanf
_stricmp
remove
_stat
_access
memset
strcat
abs
time
rand
??2@YAPAXI@Z
strlen
sprintf
strcpy
strrchr
getenv
__CxxFrameHandler
atoi
strstr
strtok
fclose
strcmp
exit
free
srand
strftime
localtime
fwrite
malloc

ws2_32

gethostname
gethostbyname
ntohs
htons
WSACleanup
inet_ntoa
WSAStartup
inet_addr

netapi32

Netbios

iphlpapi

GetAdaptersInfo

oleaut32

GetErrorInfo

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd686a94727d2992f734216cabd08d52

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

netapi32

iphlpapi

oleaut32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 3KB