a1507a1c4eefce8f4dbf34db02ed3e18

Sharing

Copy URL Twitter E-mail

General

Target

a1507a1c4eefce8f4dbf34db02ed3e18
Size

85KB
MD5

a1507a1c4eefce8f4dbf34db02ed3e18
SHA1

ea101cfff2874041f469874a1a1138cdb1c3a5bd
SHA256

faf05d8a15434a2bec133148478f8f544ed7645691ba027450e8d267a666851c
SHA512

9b50b5bb6ebcb8fe0f19d33c71c92f58aad492d3437b60822bdf032350a7d37259ed5815a50603a5d5d91c8b03f578aa7f27b5d603133483ee15031ec6e87fd2
SSDEEP

1536:ginP+iw8wTsiAN30S9LSCxgt4ry0oVPsre88xYAq7eT:FZhdZ10St7girB8vq7eT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1507a1c4eefce8f4dbf34db02ed3e18

Files

a1507a1c4eefce8f4dbf34db02ed3e18
.dll windows:4 windows x86 arch:x86

1e1bdd4e0df2de460df5ae206d116c09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetThreadDesktop
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
CallNextHookEx
OpenInputDesktop
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowTextA
PostThreadMessageA
GetWindowThreadProcessId
wsprintfW
GetMessageA
GetActiveWindow
CharLowerA
SetThreadDesktop
ExitWindowsEx
wsprintfA
GetForegroundWindow
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
ShowWindow
BringWindowToTop
UpdateWindow
EnumWindows
CharUpperA

gdi32

CreateCompatibleBitmap
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDCA
GetDeviceCaps
DeleteObject

advapi32

RegSetValueExA
OpenThreadToken
RegisterServiceCtrlHandlerA
SetServiceStatus
LogonUserA
CreateProcessAsUserA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ControlService
ChangeServiceConfigA
RegCreateKeyExA
AdjustTokenPrivileges
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA
ImpersonateSelf

shell32

SHEmptyRecycleBinA
SHFileOperationA
ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32

setsockopt
inet_ntoa
gethostbyname
inet_addr
select
closesocket
send
getsockname
listen
recv
bind
socket
htons
connect
ntohs
accept
WSAStartup

shlwapi

StrCmpW
StrStrA
StrChrA
StrRChrA
SHDeleteKeyA
StrCmpNIA
StrToIntA

psapi

GetModuleFileNameExA

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmGetCompositionStringW

avicap32

capGetDriverDescriptionA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
getenv
strrchr
malloc
wcscmp
free
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
OpenProcess
GetModuleFileNameA
GetDiskFreeSpaceExA
WideCharToMultiByte
SetFilePointer
FlushFileBuffers
lstrlenW
lstrcatW
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
MoveFileA
CreateDirectoryA
SearchPathA
GetACP
GetOEMCP
GetLocalTime
lstrlenA
GetTempPathA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
GetCurrentThread
GetSystemDirectoryA
SetEvent
DeleteFileA
lstrcpyA
GetStartupInfoA
GetTickCount
WaitForSingleObject
Sleep
CreateProcessA
lstrcatA

Exports

Exports

MaindfefDz
DzService
ServiceMain

Sections

.hjkl
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.esdf
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jkui
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sxdcf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.swax
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wsdfr
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e1bdd4e0df2de460df5ae206d116c09

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

msvcrt

kernel32

Exports

Exports

Sections

.hjkl Size: 61KB - Virtual size: 61KB

.esdf Size: 6KB - Virtual size: 6KB

.jkui Size: 1KB - Virtual size: 1KB

sxdcf Size: 4KB - Virtual size: 4KB

.swax Size: 3KB - Virtual size: 3KB

.wsdfr Size: 3KB - Virtual size: 2KB

.hjkl
Size: 61KB - Virtual size: 61KB

.esdf
Size: 6KB - Virtual size: 6KB

.jkui
Size: 1KB - Virtual size: 1KB

sxdcf
Size: 4KB - Virtual size: 4KB

.swax
Size: 3KB - Virtual size: 3KB

.wsdfr
Size: 3KB - Virtual size: 2KB