97229fd051d6380704ac2abcbe438b8a

Sharing

Copy URL

Twitter E-mail

General

Target

97229fd051d6380704ac2abcbe438b8a
Size

52KB
MD5

97229fd051d6380704ac2abcbe438b8a
SHA1

3ea244080cae190587348483f015371fc65bce0f
SHA256

57f3186ba5a3a986f9e135daff6d77514e7f88e991fb0a8624f7d7c5b59306e7
SHA512

55ef474fd2991772b796a79fe4b4521705f338f95343f77f8d286061850bdac1836285314a7f3c1d4d850bc99d80780c830efb65fd39c9317702a8f0034cc3d7
SSDEEP

768:Av000btDotnY8gVhCT1IqtyP29k56955RsMYavvFDw0nIX0WcOUYZY:m9yxDhCT1xtq29k56P5RHjDw0npWeY+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97229fd051d6380704ac2abcbe438b8a

Files

97229fd051d6380704ac2abcbe438b8a
.dll windows:4 windows x86 arch:x86

5b7014a5629577387073e5ce0e8fa1c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx
CloseDesktop
CloseWindowStation
SetThreadDesktop
GetUserObjectInformationA
OpenDesktopA
GetThreadDesktop
wsprintfA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation

ws2_32

closesocket
setsockopt
WSAStartup
connect
htons
socket
recv
select
inet_ntoa
gethostbyname
inet_addr
recvfrom
sendto
send

msvcrt

_adjust_fdiv
malloc
_initterm
free
memmove
strstr
strlen
memset
_except_handler3
memcpy

advapi32

RegisterServiceCtrlHandlerA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
SetServiceStatus
OpenEventLogA
ClearEventLogA
CloseEventLog
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
DeleteService
QueryServiceStatus
StartServiceA
ControlService
ChangeServiceConfigA
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

kernel32

GetVolumeInformationA
GetDiskFreeSpaceA
GetDriveTypeA
LocalFree
GetSystemDirectoryA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
lstrlenA
lstrcmpiA
CreateFileA
SetFilePointer
GetFileSize
MapViewOfFile
CreateFileMappingA
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesA
GetFileTime
SetFileTime
GetTempFileNameA
GetCurrentThreadId
ExitProcess
MoveFileExA
CreateMutexA
ResumeThread
MoveFileA
CreateThread
GetModuleHandleA
DeviceIoControl
LocalAlloc
InitializeCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
EnterCriticalSection
HeapFree
GetTickCount
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetCurrentProcess
Process32Next
CloseHandle
OpenProcess
lstrcpynA
Process32First
CreateToolhelp32Snapshot
TerminateProcess
lstrcpyA
GetLastError
DeleteFileA
WriteFile
ReadFile
PeekNamedPipe
WaitForSingleObject
Sleep
CreateProcessA
CopyFileA
GetStartupInfoA
CreatePipe
GetTempPathA
lstrcatA

Exports

Exports

ServiceMain

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b7014a5629577387073e5ce0e8fa1c8

Headers

File Characteristics

Imports

user32

ws2_32

msvcrt

advapi32

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 1KB