ba7e7706c68e1de75fa6075078ec0951

General

Target

ba7e7706c68e1de75fa6075078ec0951
Size

16KB
MD5

ba7e7706c68e1de75fa6075078ec0951
SHA1

80955a6268fd01c0870b29b61ee0a4dff854d54d
SHA256

4028fe0aa38ecbeba76742f6d3b8e2f9c1e50663a4f1d02e366d6533c55616fe
SHA512

6a5609b8e0687cbef86e91dbe407b3f47bcbbe246e0e023c0cb977e0d19ca27c5b0355e7e6fd27d2c52dca578a3651513433266970706f865bfc28ae7aa2f419
SSDEEP

384:QDihsMgrd6bCOFMf2sIJ2Rs01Z7c/6lKvhkpy:IihsnR6bC9DIJCs01Z72y5k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba7e7706c68e1de75fa6075078ec0951

Files

ba7e7706c68e1de75fa6075078ec0951
.dll windows:4 windows x86 arch:x86

54e81a7ddbb2862f18cab189110c2cc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

FindWindowA
UnhookWindowsHookEx
wsprintfA
SendMessageA
CallNextHookEx

kernel32

CreateThread
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetFileSizeEx
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetTempPathA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
CreateFileA
LocalFree
OutputDebugStringA
ReadFile
ReadProcessMemory
RemoveDirectoryA
RtlZeroMemory
SetFilePointer
Sleep
VirtualProtectEx
VirtualQueryEx
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
CompareStringA
CloseHandle
IsBadReadPtr
LocalAlloc
VirtualAlloc

advapi32

RegCloseKey
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges

psapi

GetModuleInformation

shlwapi

StrStrA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

msvcrt

strrchr

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e81a7ddbb2862f18cab189110c2cc1

Headers

File Characteristics

Imports

user32

kernel32

advapi32

psapi

shlwapi

wininet

msvcrt

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 1KB