9a554d4294f401d5aeb3594ef75b4907

Sharing

Copy URL Twitter E-mail

General

Target

9a554d4294f401d5aeb3594ef75b4907
Size

119KB
MD5

9a554d4294f401d5aeb3594ef75b4907
SHA1

de65b022733d73b3bdc016838afff08fea50beeb
SHA256

ff8bdf88cfbc3fbd5c1b6ec84ecaa1dea6487d93f23242d179c084688f831a08
SHA512

47dfa5f07fb04043d0de2f8854c9d95009ae90dbba06de0a7c64c33dead5f6fce565f8f94377c518f1a79b27d41a96bf7f7492dd090a44e27889585809ffb67a
SSDEEP

1536:jCZiMqqU+2bbbAV2/S20E9NrDbhYOP5gmqHqxNCIFZWT52zDeFgIhJo5OgS:8iMqqDL2/0EP6xdSWgIhJo5OgS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a554d4294f401d5aeb3594ef75b4907

Files

9a554d4294f401d5aeb3594ef75b4907
.dll windows:4 windows x86 arch:x86

308c8d7f1030fdbd6b3d70edc6684e78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
lstrcpyA
FindClose
FindNextFileA
FindFirstFileA
lstrcpynA
ExpandEnvironmentStringsA
lstrcmpA
GetWindowsDirectoryA
ReleaseMutex
GetModuleHandleA
GetLastError
CreateMutexA
GetSystemTimeAsFileTime
lstrcatA
LeaveCriticalSection
Sleep
EnterCriticalSection
CreateThread
InitializeCriticalSection
DeleteCriticalSection
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
WinExec
CreateFileA
WriteFile
CloseHandle
GetFileTime
SetFileTime
lstrlenA
GetTickCount
GetSystemTime
FlushFileBuffers
GetStringTypeW
GetStringTypeA
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
RaiseException

user32

wsprintfA

advapi32

RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

shlwapi

PathFileExistsA
PathIsDirectoryA

wininet

InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetReadFile
HttpSendRequestA

Exports

Exports

Func
_DllMain@12
regReadString
regWriteString

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shrd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

308c8d7f1030fdbd6b3d70edc6684e78

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

shrd Size: 512B - Virtual size: 12B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 109KB - Virtual size: 109KB

shrd
Size: 512B - Virtual size: 12B

.reloc
Size: 6KB - Virtual size: 6KB