b5d07b27a88c3a18c53aeedfa2fa9d45

Sharing

Copy URL

Twitter E-mail

General

Target

b5d07b27a88c3a18c53aeedfa2fa9d45
Size

47KB
MD5

b5d07b27a88c3a18c53aeedfa2fa9d45
SHA1

015806587439417aeb0bb9916f5fc0997f9ab6b5
SHA256

d82725c7403fe12daff31b31d633f19f91593d0aec07c1da4d81c931781fa274
SHA512

477610415900fb573b18cd4a36d96362bccacaf46aa806b5be30c0b1f2c51c9ee6b4a7586ef6e06cf57061ff7eae324799189db0be32c95187b605a80cb54168
SSDEEP

768:40d2iTF1tpDf060nkBLQVtcRxLhKPivXvstqNnOFDb/Jz9CYD+UGxceU:I81bf0dnIL8tcRxLKlCYD+UGxA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5d07b27a88c3a18c53aeedfa2fa9d45

Files

b5d07b27a88c3a18c53aeedfa2fa9d45
.dll windows:4 windows x86 arch:x86

2cd702b73724d359cf2aad218eb43578

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
_adjust_fdiv
_initterm
_onexit
__dllonexit
_except_handler3
_wcsupr
wcsrchr
wcschr
wcsstr
malloc
free
memmove
memcpy
_snwprintf
??2@YAPAXI@Z
rand
swprintf
__CxxFrameHandler
sprintf
strstr
memset
??3@YAXPAX@Z
??1type_info@@UAE@XZ

wininet

InternetOpenW
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestExW
InternetCloseHandle
InternetGetConnectedState
InternetReadFile
HttpEndRequestW

netapi32

NetUserGetInfo
NetApiBufferFree

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostbyname

crypt32

CryptUnprotectData

mfc42u

ord3806
ord551
ord547

kernel32

CopyFileW
TerminateThread
ExitThread
WinExec
GetModuleFileNameW
CreateThread
SetEvent
OpenEventW
GetCurrentProcessId
SetLastError
LocalFree
GetShortPathNameW
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
lstrcpyW
GetVersionExW
lstrcpyA
lstrcmpA
lstrlenA
GetProcAddress
LoadLibraryW
FreeLibrary
lstrlenW
MultiByteToWideChar
GetLastError
GlobalMemoryStatus
lstrcatW
WideCharToMultiByte
GetComputerNameW
lstrcmpiA
lstrcmpiW
GetDiskFreeSpaceExW
GetDriveTypeW
FindClose
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
GetVolumeInformationW
CloseHandle
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
MoveFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
GetTempPathW
CreateProcessW
GetSystemDirectoryW
CreateToolhelp32Snapshot
PeekNamedPipe
Sleep
OpenProcess
Process32NextW
lstrcmpW
Process32FirstW
GetStartupInfoW

user32

GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
CallNextHookEx
SetWindowsHookExW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
UnhookWindowsHookEx
CloseDesktop

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
GetUserNameW
OpenProcessToken
CreateProcessAsUserW
SetSecurityDescriptorDacl
CopySid
AddAce
GetAce
CreateServiceW
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetTokenInformation
RegSetValueExW
RegCreateKeyW
ChangeServiceConfigW
OpenSCManagerW
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceW
CloseServiceHandle

iphlpapi

GetNetworkParams

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteW

ole32

CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo

Exports

Exports

Install
NtCloseStatus
NtOpenStatus
RunInstallA
RunUninstallA
ServiceMain
Uninstall

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd702b73724d359cf2aad218eb43578

Headers

File Characteristics

Imports

msvcrt

wininet

netapi32

ws2_32

crypt32

mfc42u

kernel32

user32

advapi32

iphlpapi

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 22KB

Shared Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 22KB

Shared
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB