961f243fcb80342e4d935448a8ba3993

Sharing

Copy URL

Twitter E-mail

General

Target

961f243fcb80342e4d935448a8ba3993
Size

66KB
MD5

961f243fcb80342e4d935448a8ba3993
SHA1

79417cafda0060d5565b9c94b54757ca36552c95
SHA256

d878376c199d7f49363160895b129160af01a6392f06426b28cf326c1be8a522
SHA512

c46f11a43cc1b898e299b38805f7394546f87df6e6d5de9998cb0b355e60dc7f54b4cf29603d938eca2c7f7cf67b8b9b48952f83ebde0292b95e89328d131529
SSDEEP

1536:ba0pIuFa6AaFD8YIaTJFVbcHv+EE4FZ96WDItKf:ba0pIuFa6HFD2k0j6WDItK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
961f243fcb80342e4d935448a8ba3993

Files

961f243fcb80342e4d935448a8ba3993
.dll windows:4 windows x86 arch:x86

8d9314c7fb0c1c848383fc9785c8827b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

htons
getprotobyname
WSAStartup
connect
closesocket
inet_ntoa
socket
ioctlsocket
gethostbyname
gethostname
recv
WSAGetLastError
send
WSACleanup

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
HeapSize
ReadFile
SetEndOfFile
Sleep
lstrcmpiA
lstrcpyA
GetTickCount
lstrcmpA
lstrlenA
CreateThread
HeapAlloc
GetProcessHeap
HeapFree
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeZoneInformation
GetCommandLineA
GetVersionExA
GetLastError
CloseHandle
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetFilePointer
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoA

user32

wsprintfA

advapi32

GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

Exports

Exports

InstallPlugin
PluginVersion
TerminatePlugin

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d9314c7fb0c1c848383fc9785c8827b

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB