a0c5e7838746bdd8167fb8145482c65a

Sharing

Copy URL Twitter E-mail

General

Target

a0c5e7838746bdd8167fb8145482c65a
Size

28KB
MD5

a0c5e7838746bdd8167fb8145482c65a
SHA1

78d729bb5f8d489f9f5db509e4255dc9ec8dfd5f
SHA256

4619b5e34357110379446ccbe2115b572b87baebadc4de5c39b1acbb8a441a26
SHA512

e27fb9005c93c05538e44d53c318e29b49b8edf66b7d50561e7989f3ae19686aac9e051115957d59ab5c462acf330b70510f4cd10ce94cfb75b1071d67d7e223
SSDEEP

768:XkUVnKyugWaFCP6cSjR81hAJi4DTMsm8tZ6Vf4zoX2er:UEKrxGCP6cq/QsqwY2e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0c5e7838746bdd8167fb8145482c65a

Files

a0c5e7838746bdd8167fb8145482c65a
.dll windows:4 windows x86 arch:x86

4b439d10e9047f3b7f861f87480659c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
OpenProcess
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
GetModuleFileNameA
GetProcAddress
ReadProcessMemory
GetModuleHandleA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GetPrivateProfileStringA
GetCurrentThread
LoadLibraryA
GlobalAlloc
InitializeCriticalSection
VirtualProtect
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetForegroundWindow
GetWindowTextA
FindWindowA
GetWindowThreadProcessId

imagehlp

ImageUnload
ImageLoad

shlwapi

PathFileExistsA

msvcrt

free
_initterm
_strlwr
malloc
_adjust_fdiv
_strupr
_stricmp
fopen
fread
fclose
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
atoi
strncpy
strcmp
wcslen
strstr

wininet

InternetCloseHandle
InternetReadFile

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b439d10e9047f3b7f861f87480659c3

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

shlwapi

msvcrt

wininet

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

sdt Size: 512B - Virtual size: 140B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

sdt
Size: 512B - Virtual size: 140B

.reloc
Size: 3KB - Virtual size: 2KB