9af5b400ac7957016d9278142d5c7f9b

Sharing

Copy URL

Twitter E-mail

General

Target

9af5b400ac7957016d9278142d5c7f9b
Size

68KB
MD5

9af5b400ac7957016d9278142d5c7f9b
SHA1

3cdac08846e66627fd979878d1ba39628c3fc202
SHA256

b73369bc2eaaa9fe9fbdd711a0976eb035acfef02b89d73939b12f1a51a3c6fe
SHA512

ff465cdc5eb08894b4319543b5d5b5c599839c01a428b683f704fd8fe1d1aedfcd21f4a38e37358a2c626466ff039ae002ef48a27f97f7e597b9dd106cbf4938
SSDEEP

768:PIOGLxZGBzeirE7Rm1fJJFwLDYFnToIf1qu644XY:PSKVBE7A1fhkYFnToIfmN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9af5b400ac7957016d9278142d5c7f9b

Files

9af5b400ac7957016d9278142d5c7f9b
.dll windows:4 windows x86 arch:x86

17e7dfbbfab4ae0f1aa114e13ca7071e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
GetExitCodeProcess
CreateThread
GetModuleFileNameW
FreeConsole
GetWindowsDirectoryW
WriteFile
WideCharToMultiByte
CreateProcessW
ExpandEnvironmentStringsW
GetStartupInfoW
CreatePipe
ReadFile
PeekNamedPipe
CreateEventW
MoveFileW
GetTickCount
MoveFileExW
lstrcatW
GetSystemDirectoryW
SetFilePointer
CreateFileW
WaitForSingleObject
GetComputerNameW
GlobalMemoryStatus
GetCurrentThreadId
GetVersionExW
OutputDebugStringA
HeapFree
HeapAlloc
MultiByteToWideChar
lstrcpyW
TerminateProcess
CloseHandle
GetCurrentProcess
GetLastError
OpenProcess
OutputDebugStringW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
LoadLibraryW
GetProcAddress
GetProcessHeap
Sleep
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
DeleteFileW

user32

OpenWindowStationW
GetThreadDesktop
GetProcessWindowStation
wsprintfW
SetProcessWindowStation
ExitWindowsEx
mouse_event
keybd_event
MapVirtualKeyW
SetCapture
WindowFromPoint
SetCursorPos
SetThreadDesktop
OpenDesktopW

gdi32

DeleteDC
GetDIBits
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCW
DeleteObject
GetDeviceCaps

advapi32

CloseServiceHandle
OpenSCManagerW
OpenServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetServiceStatus
RegisterServiceCtrlHandlerW
SetTokenInformation
CreateProcessAsUserW
QueryServiceStatus
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
DuplicateTokenEx

shell32

SHFileOperationW
ShellExecuteW

ws2_32

setsockopt
WSAIoctl
gethostbyname
htons
connect
WSAStartup
socket
recv
send
WSAGetLastError
closesocket

userenv

CreateEnvironmentBlock

shlwapi

StrRChrW

msvcrt

wcscat
wcscpy
??2@YAPAXI@Z
swprintf
sprintf
__CxxFrameHandler
atoi
wprintf
_ftol
fclose
fwprintf
_wfopen
fprintf
_strdate
_strtime
fseek
fopen
free
malloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
wcscmp

Exports

Exports

Launch
LoadStartup
ServiceMain

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17e7dfbbfab4ae0f1aa114e13ca7071e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

userenv

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB