b41577d134e06647eb8be70f6cc15a2e

Sharing

Copy URL Twitter E-mail

General

Target

b41577d134e06647eb8be70f6cc15a2e
Size

760KB
MD5

b41577d134e06647eb8be70f6cc15a2e
SHA1

e9c47e2ebe868ffb3f3a896b22fbd40f08a27c6e
SHA256

7753d9da6d711fc814e7affe7cb4dff4b2f48140abd3ff8888a39597bf322fd2
SHA512

4d61a1d0897aa3fe44910e5e049980a35e9e6087349b747454e04f5ea4758d2cd997abfafa0a58d17ee34de3c5cf7cda35f1bbcf863d39b46e8447f23e9c919c
SSDEEP

12288:CDCQp2dQQwRtlNg4FbiirrNEViV+A4XPXh:SCQpOQNtiirraGH4XPXh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b41577d134e06647eb8be70f6cc15a2e

Files

b41577d134e06647eb8be70f6cc15a2e
.dll windows:4 windows x86 arch:x86

d22899bf328e5efac85f4620631e4e0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
CopyFileW
GetFileAttributesA
SetFileAttributesA
SetFileAttributesW
CreateFileA
MoveFileExW
SetEndOfFile
SetFileTime
SetFilePointer
OutputDebugStringW
MultiByteToWideChar
GetLogicalDrives
GetLocalTime
Beep
SystemTimeToFileTime
GetVersionExW
GetFileTime
FileTimeToSystemTime
LockResource
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetPrivateProfileStringW
ReadFile
SetNamedPipeHandleState
CreateEventW
GetExitCodeThread
FlushFileBuffers
DisconnectNamedPipe
SetEvent
lstrcmpW
VirtualProtect
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
ReadProcessMemory
DeviceIoControl
DosDateTimeToFileTime
LocalFileTimeToFileTime
LoadLibraryA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetCurrentProcess
GetCurrentThread
DuplicateHandle
GetCurrentThreadId
OpenProcess
TerminateProcess
CreateThread
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateProcessW
WaitForSingleObject
Sleep
SearchPathW
DeleteFileW
GetLastError
WriteFile
lstrcpyW
lstrcatW
FindNextFileW
CreateFileW
GetFileSize
CloseHandle
FindFirstFileW
FindClose
lstrcmpiW
lstrcpynW
GetEnvironmentVariableW
lstrlenW
GetModuleHandleW
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetSystemTime

user32

EndDialog
KillTimer
SetTimer
ShowWindow
GetDlgItem
ExitWindowsEx
GetClientRect
LoadIconW
GetWindowRect
GetSystemMetrics
SetWindowPos
SendMessageW
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
wsprintfW
PostMessageW
EnableWindow
MessageBeep
SetFocus
DialogBoxParamW
MessageBoxW

comdlg32

GetOpenFileNameW

advapi32

IsTextUnicode
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EnumServicesStatusW
OpenSCManagerW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
GetTokenInformation
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
EnumServicesStatusExW
ChangeServiceConfigW
OpenServiceA
StartServiceW
CreateServiceW
ControlService
LookupAccountSidW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW

shlwapi

PathFileExistsW
StrStrIW
SHDeleteValueW
SHDeleteKeyW
SHGetValueW
SHSetValueW
PathFindExtensionW
PathFindFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
WSAStartup
WSACleanup
closesocket
recv
send
connect
htons
socket

netapi32

NetUserGetInfo

wininet

InternetCloseHandle
InternetReadFile
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW

msvcrt

_wcsupr
_adjust_fdiv
_initterm
_onexit
__dllonexit
strrchr
_tempnam
_lseek
_close
_write
_read
_open
strstr
_stricmp
sprintf
memmove
_except_handler3
__CxxFrameHandler
_wstat
wcscmp
wcstok
fseek
remove
fread
fwrite
fgetws
fgets
strncpy
fopen
_errno
_wcsnicmp
_itow
_wtoi
_strcmpi
_wtol
fputws
wcsncat
time
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsncpy
malloc
wcslen
free
wcsrchr
swprintf
wcsncmp
wcscpy
_wcsicmp
wcscat
wcschr
wcsstr
fclose
fprintf
_wfopen

Exports

Exports

CompressSamplesToCab
DisableAutorun
FixAttrib
GetProcessList
GetSamples
GetSamplesE
GetSamplesWithWarning
GetSamplesWithXulyFile
IsNewUSBFile
LiveConnectSaveLog
NewCleanReg
SaveLog
SaveLogEx
SendUSBSample
TroGiup

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 90.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d22899bf328e5efac85f4620631e4e0e

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

psapi

shlwapi

version

ws2_32

netapi32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 76KB - Virtual size: 90.3MB

.rsrc Size: 508KB - Virtual size: 507KB

.reloc Size: 56KB - Virtual size: 53KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 76KB - Virtual size: 90.3MB

.rsrc
Size: 508KB - Virtual size: 507KB

.reloc
Size: 56KB - Virtual size: 53KB