9b9b68e85e4d647d6a900202254233cc

Sharing

Copy URL Twitter E-mail

General

Target

9b9b68e85e4d647d6a900202254233cc
Size

28KB
MD5

9b9b68e85e4d647d6a900202254233cc
SHA1

2230e82717884bfe7f00fd6340951e3a63f4689f
SHA256

d300aef3150545aa59a9909afe46a60d3e88d94e392075b6b130c0b36385a340
SHA512

5add033da00aab51ab27c158d00b355dcc83baa0ec3c87561562eeabb9d903858601267b38147ffeac168a2b738b4233e288938dea4e968b9bedcd6357b6cb77
SSDEEP

192:rHR2meLGd/MZ7CVmU4hr6YBsDjEp0W+H8Xs46Pwl:rHRNKDZc41zsDjEp0WWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b9b68e85e4d647d6a900202254233cc

Files

9b9b68e85e4d647d6a900202254233cc
.dll windows:4 windows x86 arch:x86

6dc2b282bd4b61ae868a1cbb653e192d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetSystemDirectoryA
DeleteFileA
GetCurrentProcessId
DisableThreadLibraryCalls
FreeLibraryAndExitThread
TerminateThread
WaitForSingleObject
CreateEventA
GetProcAddress
lstrlenA
lstrcpyA
ExitProcess
ReleaseMutex
OpenMutexA
WriteFile
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateProcessA
GetStartupInfoA
WaitForMultipleObjects
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
MultiByteToWideChar
GetLastError
GetCurrentProcess
CloseHandle
LoadLibraryA
OpenProcess
FreeLibrary

user32

UnhookWindowsHookEx
CloseWindowStation
CloseDesktop
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
WaitForInputIdle
SetWindowsHookExA
GetKeyboardState
CallNextHookEx
ToAscii

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
InternetReadFile

msvcrt

_initterm
free
_except_handler3
_strupr
strstr
fwrite
_EH_prolog
__CxxFrameHandler
_adjust_fdiv
malloc
memcpy
fopen
fread
fclose
_beginthread
strlen
atoi
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
strcpy
strchr

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dc2b282bd4b61ae868a1cbb653e192d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcrt

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

Shared Size: 4KB - Virtual size: 268B

.reloc Size: 4KB - Virtual size: 672B

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

Shared
Size: 4KB - Virtual size: 268B

.reloc
Size: 4KB - Virtual size: 672B