9a4ebb501decc6078558b3e98e41c62a

General

Target

9a4ebb501decc6078558b3e98e41c62a
Size

13KB
MD5

9a4ebb501decc6078558b3e98e41c62a
SHA1

61fa28e80c9d9f963c06d4701ef54a91208169aa
SHA256

627b101d4d7783cad59788c393a2a878c59831ee376f835fec44237f8629020e
SHA512

67c0338894d38b9472595b70b1e3071ac8bcedbf6248af89b603886cc3e515d5ff311f8ce1147f8dd919dd63cd417ea134a67a8fa44110cd36d8f26a1b0fa472
SSDEEP

192:nWlX73Q/Vn70D359iAGP6OaKx0aVUjcozWIVfP:nWZ94P6OrWaiQozWwf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a4ebb501decc6078558b3e98e41c62a

Files

9a4ebb501decc6078558b3e98e41c62a
.dll windows:4 windows x86 arch:x86

fc3ba097a05f62b667cca15301914f1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
LoadLibraryA
WriteProcessMemory
VirtualAllocEx
FindClose
FindNextFileA
lstrcpynA
lstrcpyA
lstrcmpA
FindFirstFileA
VirtualProtectEx
GetProcAddress
Module32Next
GetLastError
ReadFile
GetModuleFileNameA
OpenProcess
TerminateProcess
GetCurrentProcess
ReleaseMutex
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetSystemDirectoryA
lstrlenA
CreateFileA
WriteFile
GetTickCount
GetPrivateProfileStringA
CreateMutexA
Sleep
CreateThread
CloseHandle
Module32First
GetCurrentProcessId

user32

SetThreadDesktop
EnumWindows
GetWindowThreadProcessId
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
wsprintfA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shlwapi

StrStrIA

msvcrt

??2@YAPAXI@Z
_purecall
memcpy
strcmp
memset
strlen
strcat
strcpy
??3@YAXPAX@Z
_itoa

wininet

InternetCloseHandle

Sections

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc3ba097a05f62b667cca15301914f1b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

Sections

.bss Size: - Virtual size: 12KB

.data Size: 9KB - Virtual size: 9KB

.shared Size: 1024B - Virtual size: 532B

.reloc Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 12KB

.data
Size: 9KB - Virtual size: 9KB

.shared
Size: 1024B - Virtual size: 532B

.reloc
Size: 1KB - Virtual size: 1KB