9bf41ad49fb2c5b4b64f40d6ebb32c5f

Sharing

Copy URL Twitter E-mail

General

Target

9bf41ad49fb2c5b4b64f40d6ebb32c5f
Size

51KB
MD5

9bf41ad49fb2c5b4b64f40d6ebb32c5f
SHA1

a36dc260cec5100283f252730505b1afbe705ab0
SHA256

15c08b8b42fd7cf40e5ee211de48f998683d1d938dc2cc5854fda5e42a0c9caa
SHA512

6aaca048328d17df8ffa66139f7aa963cdc8da0515285fe3e2a6a0faaa8560400a9c74b63dbf9721fb73f87fbc09fe01ec4ccd6e08538b5ef773c3ca49009583
SSDEEP

1536:MBFVDS9nQDfNQMDNVJnE+tq+rvfvPrUq:MtDS9QDfNFpEWbx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bf41ad49fb2c5b4b64f40d6ebb32c5f

Files

9bf41ad49fb2c5b4b64f40d6ebb32c5f
.dll windows:5 windows x86 arch:x86

5e5051cf3774c95e344c180d0ee748d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwDeleteKey
ZwDuplicateObject
NtFlushBuffersFile
ZwDeleteValueKey
NtOpenMutant
NtDeleteAtom

kernel32

GetModuleHandleA
InterlockedDecrement
CloseHandle
GlobalFree
GlobalUnlock
LockResource
EnterCriticalSection
HeapAlloc
GetModuleFileNameA
GetTickCount
GetLogicalDrives
GetEnvironmentVariableW
MapViewOfFile
DeleteFileW
SetPriorityClass
FreeResource
SetThreadExecutionState
FindNextFileA
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringA
GlobalAlloc
GlobalDeleteAtom
VirtualAlloc

gdi32

SetStretchBltMode
RectVisible
GetFontLanguageInfo

shlwapi

PathQuoteSpacesA
PathIsUNCW
PathRemoveBackslashW

user32

GetKeyState
ReleaseCapture
GetDlgItemTextW
CreateWindowExW
IsMenu
CheckDlgButton
LoadImageW
RegisterClassA
BeginPaint
DialogBoxIndirectParamW
TrackMouseEvent
GetMessagePos
DefWindowProcW
WindowFromPoint
GetWindow
GetClassLongW
CharLowerW

Exports

Exports

CreateProcessNotify
GetIpErrorString
InternalSetIfEntry
DllClientCleanup
nbtshare
DllClientStartup
GetBestRoute
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetIcmpStatisticsEx
GetIpAddrTable
do_echo_req
InternalDeleteIpNetEntry

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e5051cf3774c95e344c180d0ee748d9

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

gdi32

shlwapi

user32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB