a38fc316294f51fac0a1b3762928e34d

Sharing

Copy URL Twitter E-mail

General

Target

a38fc316294f51fac0a1b3762928e34d
Size

46KB
MD5

a38fc316294f51fac0a1b3762928e34d
SHA1

3331d9a479fc6396a781d1b59f9d72b9bd5be825
SHA256

e663d58115b2052388a6f1650d83fd7c4fd55f1d2170fd95a5c41a02d5fbd552
SHA512

62b57646aeda31600c174e34fe03182e50f974f4a3464e7bf8a5276e2e69b205d1ffe1ef1885e56b8e115db00479ca4967cce46622bbaac1badbc56d5c1a07a5
SSDEEP

768:FGVvmaJRjX9vHiZrHnmfyTHI9u5AI/FhcGseGPsHVz2nIyZTU+Xt1cMIt2UfoJVl:FEuyX9vsznmfy7IdIdm7eGEHF2IyDXtf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a38fc316294f51fac0a1b3762928e34d

Files

a38fc316294f51fac0a1b3762928e34d
.dll windows:4 windows x86 arch:x86

9bdab20b24c776f2c3e425697d0aad6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
GetThreadDesktop
wsprintfA
CharUpperA
GetWindowTextA
GetWindowThreadProcessId
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
DestroyWindow
DispatchMessageA
SendInput
GetMessageA
SendMessageA
IsWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
CreateDesktopA
SetProcessWindowStation
OpenWindowStationA
ToAscii
GetKeyboardState
OpenInputDesktop
SetThreadDesktop
SetCursorPos
OpenDesktopA
ExitWindowsEx
MessageBoxA
GetActiveWindow
GetFocus

gdi32

GetCurrentObject
CreateDCA
DeleteDC
GetDeviceCaps

advapi32

OpenThreadToken
LookupPrivilegeValueA
OpenProcessToken
ImpersonateSelf
ChangeServiceConfigA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryValueExA
CreateServiceA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
EnumServicesStatusA
DeleteService
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
AdjustTokenPrivileges

shell32

SHFileOperationA
ShellExecuteA
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal

ws2_32

WSAStartup
WSADuplicateSocketA
WSASocketA
recv
select
getsockname
inet_addr
send
htons
listen
setsockopt
bind
socket
connect
gethostbyname
inet_ntoa
closesocket
ntohs
accept

shlwapi

StrStrA
StrCmpNIA
StrToIntA
StrChrA
SHDeleteKeyA
StrRChrA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

mswsock

TransmitFile

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

msvcrt

strcpy
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strstr
strchr
malloc
wcscmp
free
memcpy
abs
_beginthread
__CxxFrameHandler
memset
??2@YAPAXI@Z
??3@YAXPAX@Z

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

kernel32

SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
SetFilePointer
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrcatA
OpenEventA
CallNamedPipeA
GetStartupInfoA
GetModuleFileNameA
GetSystemDirectoryA
IsDBCSLeadByte
GetLocalTime
ExitProcess
GetFileAttributesA
WaitForMultipleObjects
CreateThread
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetACP
GetOEMCP
SetThreadPriority
CreateProcessA
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetCurrentProcessId
lstrcmpiA
FindFirstFileA
lstrcmpA
FindNextFileA
GetLastError
FindClose
GetFileAttributesExA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
lstrcpyA
MoveFileA
CreateDirectoryA
WriteFile
GetTempPathA
lstrlenA
SetEvent
WaitForSingleObject
GetFileSize
DeleteFileA
GetVersion
QueryPerformanceCounter
DeviceIoControl
CreateEventA
GetCurrentThreadId
Sleep
CreateFileA
GetFileSizeEx
SetFilePointerEx
ReadFile
CloseHandle
GetTickCount
LoadLibraryA
QueryPerformanceFrequency

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bdab20b24c776f2c3e425697d0aad6a

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

wininet

mswsock

imm32

msvcrt

avicap32

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

Share Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

Share
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB