b969d61927c4c7d1fdb0cd8df356a378

Sharing

Copy URL Twitter E-mail

General

Target

b969d61927c4c7d1fdb0cd8df356a378
Size

28KB
MD5

b969d61927c4c7d1fdb0cd8df356a378
SHA1

db68141e508a3404abc52ede4cc96deaf832c002
SHA256

a487b1e054d424310fcb220e0f47ae2cd3f68078959f22eb87145f63bbcaa334
SHA512

9e833b67c9a2a2e7b2eb63f05efb62db88a26d26eb4818987c892da83363f7364546d6eb079c796d0914301063092251a1b918763fc1dd62199b90c899c95723
SSDEEP

768:WzeYCav+S+9h6GcqrnLrUxuECv2+JyMIK6Xn:+eiiTLVLB0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b969d61927c4c7d1fdb0cd8df356a378

Files

b969d61927c4c7d1fdb0cd8df356a378
.dll windows:4 windows x86 arch:x86

c91f654e17c6e6764c0d849bbc85f4ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
GetProcAddress
ReadProcessMemory
GetModuleHandleA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
LoadLibraryA
GetSystemDirectoryA
GetCurrentThreadId
SetFilePointer
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
CreateProcessA
TerminateProcess

user32

CallNextHookEx
UnhookWindowsHookEx
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
GetForegroundWindow
SetWindowsHookExA

imagehlp

ImageLoad
ImageUnload

shlwapi

PathFileExistsA

msvcrt

atol
wcslen
_strcmpi
_strupr
_strlwr
_stricmp
strcmp
fopen
fread
fclose
strstr
strchr
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
atoi
??3@YAXPAX@Z
strncpy

wininet

InternetCloseHandle
InternetReadFile

Exports

Exports

bbb
ccc

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c91f654e17c6e6764c0d849bbc85f4ce

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

shlwapi

msvcrt

wininet

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 13KB

sdt Size: 512B - Virtual size: 140B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 13KB

sdt
Size: 512B - Virtual size: 140B

.reloc
Size: 3KB - Virtual size: 2KB