ba0c1f2c2f6607f04a1ce85dce386201

Sharing

Copy URL Twitter E-mail

General

Target

ba0c1f2c2f6607f04a1ce85dce386201
Size

54KB
MD5

ba0c1f2c2f6607f04a1ce85dce386201
SHA1

de0f3bd59d48890b97593c1988fc404874d2129c
SHA256

8fb10af0e31e0dad4b74bb7e2ebe685a87c57ce5142b1c196ed31ce60d704f32
SHA512

3d511db4971c487b2c2778c303ae8b69b092d7378745d711178c662f60d5ca28a69199f2d66fd36b0f4891c09b98bed83ed02a6754d8f584fc33cbea3b4891b4
SSDEEP

768:cl4dN8UsFnToIf1yHZU2fOlVk2/As0TGvJGX/n7VtvKAh1Mm8SW1:ccNjsFnToIfgHiL2+As0TGv6CAwrSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba0c1f2c2f6607f04a1ce85dce386201

Files

ba0c1f2c2f6607f04a1ce85dce386201
.dll windows:4 windows x86 arch:x86

c674d09d240a036fd1cdb52df4ff160a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
GetFileSize
WriteFile
SetThreadPriority
InterlockedExchange
GetTickCount
GetModuleFileNameA
MoveFileExA
WaitForSingleObject
lstrcpyA
TerminateProcess
Process32First
Module32First
OpenProcess
GetPriorityClass
Process32Next
SetLastError
WinExec
GetCurrentProcess
MoveFileA
CopyFileA
DeleteFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
GetProcAddress
CreatePipe
CreateProcessA
GetStartupInfoA
GlobalMemoryStatus

user32

GetDesktopWindow
wsprintfA
MessageBoxA
SetCursorPos
ExitWindowsEx
mouse_event
CreateWindowExA
SendMessageA
IsWindow
GetSystemMetrics
OpenDesktopA
SetProcessWindowStation
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
CloseWindowStation

gdi32

DeleteDC
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject

advapi32

AdjustTokenPrivileges
SetServiceStatus
RegisterServiceCtrlHandlerA
DeleteService
CreateServiceA
RegOpenKeyA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
ControlService

shell32

ShellExecuteA
SHGetFileInfoA

msvcrt

strcspn
_strnset
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
wcstombs
_ftol
??3@YAXPAX@Z
strstr
_strlwr
atoi
_except_handler3
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
strncat
sprintf
strncpy

ws2_32

send
recv
gethostbyname
inet_addr
WSAStartup
shutdown
closesocket
connect
socket
htons
WSAIoctl
setsockopt

Exports

Exports

Install
RundllInstall
RundllUninstall
ServiceMain
function1

Sections

.xianni1
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xianni
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c674d09d240a036fd1cdb52df4ff160a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

Exports

Exports

Sections

.xianni1 Size: 1024B - Virtual size: 720B

.xianni Size: 49KB - Virtual size: 49KB

.reloc Size: 2KB - Virtual size: 2KB

.xianni1
Size: 1024B - Virtual size: 720B

.xianni
Size: 49KB - Virtual size: 49KB

.reloc
Size: 2KB - Virtual size: 2KB