983a7c07fb855a7ad4f93f138eada12f

Sharing

Copy URL Twitter E-mail

General

Target

983a7c07fb855a7ad4f93f138eada12f
Size

198KB
MD5

983a7c07fb855a7ad4f93f138eada12f
SHA1

55c754d0c0cbafc09ffc697b4fbbae07a267393c
SHA256

702fa4700d2cfcbaa4ca836802056314948e9750742c34d8af978d3bb95f2f6b
SHA512

70f142db6b2aea8b4c43f16067ded38a4ed102694e662dbedba65d057bb83265dfb4032b60c1d231507df5146107351ce9c3767e594a6d06f63037becdb869d3
SSDEEP

3072:juZerRGpnT7LdNVbYgBJrNl8PNP755TxRcjY+TMZsgo/hzJMC:CZqGpn/jVbYgBhERTxmjY+TMZsgEtMC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
983a7c07fb855a7ad4f93f138eada12f

Files

983a7c07fb855a7ad4f93f138eada12f
.dll windows:4 windows x86 arch:x86

d762c2e6daae1150f6926151da929533

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
UpdateResourceA
BeginUpdateResourceA
LoadLibraryExA
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
GetBinaryTypeA
WriteFile
SetFilePointer
SetFileAttributesA
CopyFileA
WinExec
GetEnvironmentVariableA
TerminateProcess
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
GetSystemTime
SystemTimeToFileTime
CompareFileTime
DeleteCriticalSection
GetTempPathA
EndUpdateResourceA
CreateThread
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
CreateMutexA
GetTickCount
GlobalSize
GlobalAlloc
GlobalFree
SetLastError
FlushViewOfFile
lstrcpyA
lstrcmpA
IsDBCSLeadByte
lstrlenA
SetEndOfFile
GetLocalTime
GetCurrentProcessId
InterlockedDecrement
FreeResource
TerminateThread
SetEvent
ReadFile
MoveFileA
GetFileAttributesExA
GetWindowsDirectoryA
GetTempFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
CreateDirectoryA
LoadLibraryW
CreateEventA
DeviceIoControl
LocalAlloc
GetCurrentDirectoryA
DeleteFileA
FormatMessageA
LocalFree
GetProcAddress
WaitForSingleObject
MoveFileExA
InitializeCriticalSection
LoadResource
MultiByteToWideChar
lstrcmpiA
lstrcmpiW
LCMapStringW
VirtualAlloc
VirtualFree
GetModuleHandleA
GetVersion
GetVersionExA
GetVolumeInformationA
GetFileTime
CreateFileA
LoadLibraryA
Module32First
EnumResourceNamesA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetLocaleInfoA
GetComputerNameA
FreeLibrary
WideCharToMultiByte
Sleep
SetFileTime
CloseHandle
FindResourceA
Process32Next
LockResource
ReadProcessMemory
SizeofResource
CreateToolhelp32Snapshot
OpenProcess
GetLastError
Process32First

user32

CreateIconIndirect
ReleaseDC
DestroyIcon
DrawTextA
GetDesktopWindow
SetThreadDesktop
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetClassNameA
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
GetWindowLongA
SetSystemCursor
CopyIcon
SystemParametersInfoA
SetWindowsHookExA
GetFocus
CallNextHookEx
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
wsprintfA
GetActiveWindow
FindWindowA
GetKeyboardLayout
GetDC
GetSystemMetrics
SendMessageA
UnhookWindowsHookEx

gdi32

DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
DeleteObject
BitBlt
GetDeviceCaps
CreateDCA
SetBkMode
SetTextColor
CreateSolidBrush
CreatePen
GetTextExtentPoint32A

shlwapi

SHDeleteKeyA

advapi32

OpenServiceA
GetUserNameA
QueryServiceStatus
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegEnumKeyA
ConvertStringSidToSidA
LookupAccountSidA
ChangeServiceConfig2A
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
ChangeServiceConfigA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyExA
CreateServiceA
StartServiceA
CloseServiceHandle
ControlService
DeleteService
OpenSCManagerA

ole32

OleRun
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
VariantClear

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

ws2_32

getsockname
WSACleanup
gethostbyname
gethostname
WSAStartup
closesocket
htons
WSAGetLastError
setsockopt
socket
inet_ntoa
recv
connect
__WSAFDIsSet
select
getsockopt
shutdown
ntohs
ntohl
inet_addr
send

dbghelp

ImageNtHeader

wininet

InternetGetConnectedStateEx

msvcrt

_strdup
fclose
fflush
realloc
_fileno
_errno
sprintf
time
localtime
_adjust_fdiv
_initterm
_onexit
__dllonexit
wcsncpy
_except_handler3
??1type_info@@UAE@XZ
_CxxThrowException
wcslen
_strupr
_rmdir
printf
fputs
vfprintf
__CxxFrameHandler
wcstombs
fwprintf
fscanf
fgets
_itoa
_filelength
ftell
strerror
strncat
sscanf
memmove
??2@YAPAXI@Z
strftime
fopen
strncmp
wcsrchr
srand
rand
malloc
_strlwr
_strnicmp
_stricmp
strrchr
memchr
_wcsicmp
fwrite
free
atoi
fputc
fprintf
strncpy
strstr
fseek
fread

Exports

Exports

InstallServ
ServiceMain

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PrcWorks
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d762c2e6daae1150f6926151da929533

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

advapi32

ole32

oleaut32

msvcp60

imm32

ws2_32

dbghelp

wininet

msvcrt

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

PrcWorks Size: 4KB - Virtual size: 2KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 128KB

Shared Size: 8KB - Virtual size: 4KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 95KB

PrcWorks
Size: 4KB - Virtual size: 2KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 128KB

Shared
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 12KB - Virtual size: 9KB