a0ae17cc5e8f231cd3cff1d8d00f51ea

Sharing

Copy URL

Twitter E-mail

General

Target

a0ae17cc5e8f231cd3cff1d8d00f51ea
Size

152KB
MD5

a0ae17cc5e8f231cd3cff1d8d00f51ea
SHA1

60e06320b8399aa66330940e33e9f04da817c6e7
SHA256

7bdc3a3081478121d53ac344afbeac1499eebee3e0b0d0d97169bb57511b36a3
SHA512

ce2291d564870295cd2f775de20a0f354a21f69001e4cc4cbe1258d820b5fcc0cb421700f13fdbde5c5e6c88dcaf9c789c4a7e7b5614665a961d5c677abc1d98
SSDEEP

1536:hW9gdozVJ1wyJf2k+pVEIdJLkEJsWJYsNmERDS:hWhJ2LLThrhRe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0ae17cc5e8f231cd3cff1d8d00f51ea

Files

a0ae17cc5e8f231cd3cff1d8d00f51ea
.dll windows:4 windows x86 arch:x86

51fa74580ad94639bab751344cc5b076

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
OpenProcess
CreateProcessA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateMutexA
DisableThreadLibraryCalls
GetModuleFileNameA
GetCurrentProcessId
FreeLibraryAndExitThread
CreateThread
GetSystemDirectoryA
LocalFree
LocalAlloc
ReadFile
GetFileSize
CreateFileA
FreeLibrary
GetTempFileNameA
GetTempPathA
TerminateProcess
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
SetLastError
TerminateThread
SetEndOfFile
FlushFileBuffers
WriteFile
SetFilePointer
WinExec
SetCurrentDirectoryA
GetWindowsDirectoryA
GetVersion
GetSystemInfo
GetModuleHandleA
GetSystemDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
GetSystemTime
LoadLibraryA
GetProcAddress
VirtualAllocEx
GetLastError
WriteProcessMemory
Sleep
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GlobalFree
CloseHandle
VirtualFreeEx
GlobalAlloc
GlobalLock
DeleteFileA

advapi32

FreeSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemAlloc

wininet

DeleteUrlCacheEntry
InternetSetCookieA

msvcrt

__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
srand
time
strstr
sprintf
strncpy
_strnicmp
_except_handler3
free
wcslen
strchr
strrchr
_strlwr
_snprintf
printf
strncat
asctime
localtime
fclose
fflush
fprintf
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
wcscpy
_memicmp
malloc
fopen

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

ws2_32

ntohs
inet_ntoa
gethostname
WSAGetLastError
gethostbyname
WSACleanup
WSAStartup

netapi32

NetApiBufferFree
NetUserEnum
NetServerEnum
Netbios

iphlpapi

GetAdaptersInfo
GetNetworkParams
GetTcpTable

Exports

Exports

IasAuth
IeUishow

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51fa74580ad94639bab751344cc5b076

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

wininet

msvcrt

msvcp60

ws2_32

netapi32

iphlpapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 78KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 78KB

.reloc
Size: 4KB - Virtual size: 2KB