b583604af2b4d119e59cdfaedddce078

Sharing

Copy URL Twitter E-mail

General

Target

b583604af2b4d119e59cdfaedddce078
Size

180KB
MD5

b583604af2b4d119e59cdfaedddce078
SHA1

88927431becc32992f7c75b33ed549093f48aa12
SHA256

0c892c46fa6ddc0e11e26e47b58c09b108aff92fec0308127b11c79ea986fb4b
SHA512

f4edd92e0133b4c23adeeb1c05087b7f76e29153ef6390a5231d6078379f6f3d8ff818277fbb981dcbcc6e01f5391c4ad9cd0471c9dc60c2618a2e046b54f416
SSDEEP

3072:a4h5Lch0HTguy9yIGSyy7p6p8QLRQGgyXWTBfFXW6CbDllK5Maqi0:9h54yjAyIj74p8WmGtWTBN2HKy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b583604af2b4d119e59cdfaedddce078

Files

b583604af2b4d119e59cdfaedddce078
.dll windows:4 windows x86 arch:x86

413869ca92ed700541470ca8b1851575

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetWindowsDirectoryA
GetComputerNameA
GetTickCount
GlobalMemoryStatus
lstrcatA
ExpandEnvironmentStringsA
lstrcpynA
lstrcmpA
lstrlenA
GetSystemInfo
GetVolumeInformationA
LocalAlloc
SetEvent
ResetEvent
CreateEventA
ReadFile
PeekNamedPipe
GetStartupInfoA
CreatePipe
HeapAlloc
GetProcessHeap
HeapFree
SleepEx
SetEnvironmentVariableA
CompareStringW
GetVersionExA
GetLocaleInfoW
GetCurrentProcessId
IsBadCodePtr
IsBadReadPtr
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetFileAttributesExA
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchange
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
ExitProcess
InitializeCriticalSection
FlushFileBuffers
VirtualQuery
VirtualProtect
lstrcmpiA
OpenThread
GetCurrentThread
FormatMessageA
SetLastError
LocalFree
GetModuleHandleA
MultiByteToWideChar
QueryPerformanceCounter
CreateProcessA
QueryPerformanceFrequency
Sleep
CompareStringA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
MoveFileA
GetFileAttributesA
SetFilePointer
SetEndOfFile
GetStdHandle
GetCurrentProcess
lstrcpyA
CloseHandle
GetCurrentThreadId
CreateThread
GetSystemDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
WriteFile
Process32First
LoadLibraryA
GetProcAddress
VirtualAllocEx
WaitForSingleObject
VirtualFreeEx
TerminateProcess
OpenProcess
Toolhelp32ReadProcessMemory
Heap32ListNext
Heap32ListFirst
Thread32Next
Thread32First
Module32Next
Module32First
Process32Next
CreateToolhelp32Snapshot
DeviceIoControl
GetLastError
GetVersion
GetTimeZoneInformation
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
SetHandleCount
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
DeleteCriticalSection
GetCommandLineA
ResumeThread
ExitThread
GetFileType
LeaveCriticalSection
EnterCriticalSection
CreateFileA
GetStringTypeW
SetStdHandle
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
RaiseException
RtlUnwind

user32

GetForegroundWindow
GetWindowTextA
wsprintfA
CallNextHookEx
GetKeyState
SetWindowsHookExA
DispatchMessageA
TranslateMessage
GetMessageA
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
CloseWindowStation
IsCharAlphaNumericA
ExitWindowsEx
PeekMessageA
SendMessageA
IsWindow
keybd_event
mouse_event
SetCursorPos
GetDC
ReleaseDC

gdi32

RealizePalette
GetStockObject
SelectPalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

LsaClose
GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegSaveKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
DeleteService
StartServiceA
QueryServiceStatus
ControlService
ChangeServiceConfig2A
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
EnumServicesStatusExA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
OpenSCManagerA
ImpersonateLoggedOnUser
GetUserNameA
LsaOpenPolicy
RegEnumKeyExA
RevertToSelf
LsaRetrievePrivateData
LsaFreeMemory
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupAccountSidA

urlmon

URLDownloadToCacheFileA

ws2_32

recv
select
ntohl
WSACleanup
WSAStartup
WSAGetLastError
connect
accept
socket
htons
htonl
bind
listen
closesocket
inet_addr
gethostbyname
send

psapi

EnumProcessModules
GetModuleFileNameExA

netapi32

Netbios

avicap32

capCreateCaptureWindowA

winmm

mmioOpenA
waveInOpen
waveInClose
waveInStart
mmioCreateChunk
mmioAscend
waveInStop
waveInUnprepareHeader
waveInPrepareHeader
mmioWrite
waveInAddBuffer
mmioClose

oleaut32

GetErrorInfo

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

413869ca92ed700541470ca8b1851575

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

urlmon

ws2_32

psapi

netapi32

avicap32

winmm

oleaut32

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 30KB

shared Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 30KB

shared
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB