a11c60ccfe909a4aa32f7c15118ed806

Sharing

Copy URL

Twitter E-mail

General

Target

a11c60ccfe909a4aa32f7c15118ed806
Size

98KB
MD5

a11c60ccfe909a4aa32f7c15118ed806
SHA1

1c92db19c029965ae04e5c1bb5385b63f8887a67
SHA256

9564b350be87a09622f60c613def3ca3f825b6af3fe2d4af3f406614c77534c3
SHA512

70317c7653027c1da344ec6b61db110e9c6dac4f4edd81799d07c3b031871c2dacf709352e6c6bf8d6baa3248bfc52c8a38f55672fe7a837382dd97443accd6b
SSDEEP

1536:U7P59H12p0sV3P6pKGhJJ38z94vfH8i5/2uU64NBC4XLzvvKXR2JTU45KWUiGMe:kpjIz94nn5+RFfXQqU4cWUi5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a11c60ccfe909a4aa32f7c15118ed806

Files

a11c60ccfe909a4aa32f7c15118ed806
.dll windows:4 windows x86 arch:x86

34c560c59a3ab58b0d191957f1bbb913

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreatePipe
lstrcpynA
lstrlenA
CreateEventA
SetEvent
lstrcpyA
SystemTimeToFileTime
GetSystemTime
IsBadReadPtr
lstrcatA
Sleep
GetLastError
MoveFileA
DeleteFileA
GetTempFileNameA
TerminateThread
GetCurrentThread
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreA
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
GetComputerNameA
LoadLibraryA
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
GetEnvironmentVariableA
LocalFree
GetStartupInfoA
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileTime
GetFullPathNameA
GetTempPathA
FileTimeToSystemTime
GetTimeZoneInformation
GetLocalTime
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentThreadId
WinExec
ReleaseSemaphore
ResumeThread
SetThreadContext
GetThreadContext
VirtualAllocEx
FreeLibrary
GetProcAddress
GetVersion
MoveFileExA
CopyFileA
GetExitCodeProcess
SetFilePointer
CreateDirectoryA
RemoveDirectoryA
DisableThreadLibraryCalls
GetSystemDirectoryA
CreateProcessA
WaitForSingleObject
PeekNamedPipe
ReadFile
TerminateProcess
OutputDebugStringA
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetFileAttributesA
GetSystemTimeAsFileTime
VirtualQuery
VirtualFree
VirtualAlloc
CreateFileA
WriteFile
CreateThread
CloseHandle
LocalAlloc

user32

wsprintfA
wvsprintfA
MessageBoxA

advapi32

RegEnumValueA
RegDeleteValueA
RegSetValueExA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

ntdll

_chkstk
strstr
RtlUnwind
memmove
strchr
tolower
_strcmpi
_alldiv
_allmul
NtAllocateVirtualMemory
NtQuerySystemInformation
NtFreeVirtualMemory
NtOpenProcess
NtClose
_strlwr
_strnicmp

ws2_32

recv
getsockname
connect
listen
shutdown
WSASetLastError
select
WSAGetLastError
ntohl
inet_addr
WSAStartup
gethostbyaddr
__WSAFDIsSet
accept
gethostname
sendto
ioctlsocket
setsockopt
closesocket
socket
send
ntohs
recvfrom
htonl
inet_ntoa
htons
bind
gethostbyname

mapi32

ord138
ord19
ord11
ord21
ord23
ord140
ord129
ord13
ord17
ord75
ord135

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

shlwapi

StrChrA
StrToIntA
StrCmpNA
StrStrA

Exports

Exports

WLEventLogoff
WLEventLogon
WLEventShutdown

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c560c59a3ab58b0d191957f1bbb913

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ntdll

ws2_32

mapi32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB