b8e34c28cadf11f483675f6ddbfd05bf

Sharing

Copy URL Twitter E-mail

General

Target

b8e34c28cadf11f483675f6ddbfd05bf
Size

112KB
MD5

b8e34c28cadf11f483675f6ddbfd05bf
SHA1

e27f131d5218cbccaf49269e0b5b14df0fbca93d
SHA256

222de3ef16a1fcc381159e0d372d8e73256d7b0ad03691ad1f037ea094270d48
SHA512

b900b77756a858fbc0e392bb7c6694cf289148938e5409a2306c17ee8d29ee020bc5ea8d09eac834e145dea2e9ab7e5ad3b97c19c39580e11d3bc53082128d10
SSDEEP

3072:EBpZcWfOslnqK40BKrluKnBHwdnMRwaDdSO:EesNqK7BKRBQVonN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8e34c28cadf11f483675f6ddbfd05bf

Files

b8e34c28cadf11f483675f6ddbfd05bf
.dll windows:4 windows x86 arch:x86

c74dcd9ac418553c11f69372d080d092

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOverlappedResult
WaitForMultipleObjects
GetQueuedCompletionStatus
GetTickCount
MultiByteToWideChar
lstrlenA
WriteConsoleA
GetSystemTimeAsFileTime
ReadFile
GlobalFree
SizeofResource
FindResourceW
lstrcmpW
GlobalAlloc
LoadResource
lstrcmpiW
GetCurrentThreadId
lstrlenW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
ResetEvent
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
HeapAlloc
UnhandledExceptionFilter
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStartupInfoA
GetSystemInfo
GetFileType
SetHandleCount
TerminateProcess
ExitProcess
VirtualQuery
GetVersionExA
RtlUnwind
GetCurrentProcess
SetProcessWorkingSetSize
SetEvent
PostQueuedCompletionStatus
CloseHandle
WriteFile
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
InterlockedExchange
GetStdHandle
VirtualProtect
HeapSize
GetCommandLineA

user32

GetWindowDC
GetWindowRect
GetPropW
SetPropW
SetWindowLongW
SetWindowLongA
GetClassNameW
IsWindowUnicode
SendMessageW
GetWindowLongW
CallNextHookEx
SetWindowsHookExW
RemovePropW
CallWindowProcW
GetClientRect
MapWindowPoints
ShowCaret
BeginPaint
EndPaint
ExcludeUpdateRgn
GetWindowTextW
CharNextW
DrawTextW
GetFocus
IntersectRect
DrawFocusRect
ValidateRect
ScreenToClient
InvalidateRect
GetSysColor
GetDC
GetSystemMetrics
DefWindowProcW
IsIconic
IsWindowEnabled
GetWindow
GetParent
InflateRect
OffsetRect
ReleaseDC
wvsprintfA
MsgWaitForMultipleObjects
HideCaret

advapi32

ReportEventW

gdi32

CreateDIBitmap
SetBkColor
DeleteObject
IntersectClipRect
GetTextExtentPointW
ExtTextOutW
SelectObject
SetTextColor
CreateSolidBrush
SetBkMode
PatBlt

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c74dcd9ac418553c11f69372d080d092

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 40KB - Virtual size: 72KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 40KB - Virtual size: 72KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB