abd90c74d6b84e1e223a80121c7054a0

Sharing

Copy URL Twitter E-mail

General

Target

abd90c74d6b84e1e223a80121c7054a0
Size

40KB
MD5

abd90c74d6b84e1e223a80121c7054a0
SHA1

91565cbb431488fca12d18a9dafdf74b10ddb8df
SHA256

97f89ed7158f63f30453c149bf5d9a57835a96b7b95fd1ac70f988048da50caf
SHA512

81c91827b5422c4fd8a828f17482b28aa02404b804c5f588da4602a7537ca1448739f35473ac30f5f1678ac901c0444bcacd70edf44d8c7defdf37e8683cd616
SSDEEP

384:UNfwz6+7f9yXbayOtoQ+e0PbaQ0J/iJyAbr+h9jwe7BW/WD25:Rz6sfQbpOB+3WiJLbShxwe92

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abd90c74d6b84e1e223a80121c7054a0

Files

abd90c74d6b84e1e223a80121c7054a0
.dll windows:4 windows x86 arch:x86

7f31e8c89ca6f864ac2357c482d11476

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

ws2_32

recv
socket
send
WSAStartup
htons
gethostbyname
WSACleanup
closesocket
connect

msvcrt

time
atoi
rand
strncpy
fopen
printf
fseek
ftell
fgetc
fread
fclose
memcpy
memset
sprintf
strstr
strcpy
strcat
strlen
strcmp

kernel32

LoadLibraryA
GetLastError
LocalAlloc
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
CreateRemoteThread
Sleep
SetSystemTime
GetSystemTime
CloseHandle
GetFileSize
CreateFileA
DeleteFileA
WinExec
lstrcatA
GetSystemDirectoryA
CreateThread
lstrcpyA
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
GetVolumeInformationA
GetModuleFileNameA
GetComputerNameA
lstrcmpA
GetVersionExA

user32

CharUpperA
EnumWindows
GetClassNameA
PostMessageA
GetWindowTextA
FindWindowExA
GetWindow
wsprintfA
SendMessageA

advapi32

RegQueryValueExA
QueryServiceConfigA
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
AdjustTokenPrivileges
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

CoCreateGuid

Exports

Exports

?Dll2Main@@YGHPAUHINSTANCE__@@KPAX@Z

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f31e8c89ca6f864ac2357c482d11476

Headers

File Characteristics

Imports

urlmon

wininet

ws2_32

msvcrt

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 640B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 640B

.reloc
Size: 4KB - Virtual size: 1KB