b6bd549b4a6b7fa0a741882320c08eec

Sharing

Copy URL Twitter E-mail

General

Target

b6bd549b4a6b7fa0a741882320c08eec
Size

44KB
MD5

b6bd549b4a6b7fa0a741882320c08eec
SHA1

00841f0566507b31ed8062be6ae85929ca1b7fbc
SHA256

b2f8ebc39baaa1d68828c1c943f1bf3a1613c4ec4db0b5ebe9e23030484d9485
SHA512

2daf0ae336fb236f8783303181b0d5c7da6d0bf21fcdd0c7791aa4972e0a31bc0cacc5c818ca290f83d1efdff56d36e12cea135e4c10ca1f355822fdf229bd4b
SSDEEP

384:1NdyW5R06BSFK2+nlFNJ0Pbak0gYrdethCjtQES7vW/WKH:1byW/BStaNQcrdwhSCe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6bd549b4a6b7fa0a741882320c08eec

Files

b6bd549b4a6b7fa0a741882320c08eec
.dll windows:4 windows x86 arch:x86

bd2169459d3fe0d56a63880521a520d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

ws2_32

send
WSACleanup
connect
gethostbyname
socket
closesocket
recv
WSAStartup
htons

msvcrt

memcpy
atoi
rand
strncpy
strlen
fopen
printf
fseek
ftell
fgetc
fread
fclose
time
sprintf
strcpy
strcat
strstr
memset

kernel32

GetProcAddress
GetLastError
LocalAlloc
lstrcmpiA
GetCurrentProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
CreateRemoteThread
Sleep
CloseHandle
GetFileSize
CreateFileA
DeleteFileA
CreateThread
WinExec
lstrcatA
GetSystemDirectoryA
lstrcpyA
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
FreeLibrary
GetVolumeInformationA
LoadLibraryA
GetComputerNameA
GetModuleFileNameA
GetVersionExA

user32

CharUpperA
EnumWindows
GetWindowTextA
FindWindowExA
GetWindow
SendMessageA
wsprintfA

advapi32

RegQueryValueExA
QueryServiceConfigA
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
AdjustTokenPrivileges
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

ole32

CoCreateGuid

Exports

Exports

?Dll2Main@@YGHPAUHINSTANCE__@@KPAX@Z

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd2169459d3fe0d56a63880521a520d2

Headers

File Characteristics

Imports

urlmon

wininet

ws2_32

msvcrt

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 640B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 640B

.reloc
Size: 4KB - Virtual size: 1KB