baa7ebcfdfda173d16d0e9d99c23c840

Sharing

Copy URL Twitter E-mail

General

Target

baa7ebcfdfda173d16d0e9d99c23c840
Size

312KB
MD5

baa7ebcfdfda173d16d0e9d99c23c840
SHA1

0a087824a028f5525482167c74d645f02360934f
SHA256

aaf3ef69c01def24b1f2c07add8ce5681fbaafb7f33632d8016a45f74fef2427
SHA512

421235d4515a32f2047a4760e138b0230d76a25e183e554291c85bc2e951974b56380c537687be15cb6819b9a21b1a617698f68bcfa4524afa0b2a334036a350
SSDEEP

6144:yZ2WqNmPkvSBPcDsKwZSsWhktS9Zan1TO:yZ2HjvSFcH2boktSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baa7ebcfdfda173d16d0e9d99c23c840

Files

baa7ebcfdfda173d16d0e9d99c23c840
.dll windows:4 windows x86 arch:x86

1ea50f2a9b2a8501701c6116fb83ea04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
WSAAsyncSelect
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
socket
gethostbyaddr
WSAStartup
bind
listen
WSAConnect
select
WSAIoctl
inet_addr
gethostbyname
WSASetLastError
htons
WSAGetLastError
recv
WSASocketA
shutdown
closesocket
send
accept
ioctlsocket

wininet

HttpOpenRequestA
InternetReadFile
InternetQueryOptionA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetSetFilePointer

iphlpapi

GetIpAddrTable

kernel32

GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
InterlockedExchange
lstrlenA
lstrcpyA
MoveFileA
CloseHandle
WriteFile
DeleteFileA
SetFilePointer
CreateFileA
CreateThread
ReadFile
GetDriveTypeA
FindClose
FindNextFileA
FindFirstFileA
GetProcAddress
GetModuleHandleA
TerminateProcess
OpenProcess
Sleep
lstrcmpA
GetFileSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalMemoryStatus
GetComputerNameA
ResetEvent
CreateEventA
WaitForSingleObject
SetEvent
ExitThread
lstrcatA
GetTempPathA
CreateProcessA
CreatePipe
PeekNamedPipe
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetVolumeInformationA
GetConsoleMode
GetCurrentProcess
CreateDirectoryA
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetOEMCP
CopyFileA
GetModuleFileNameA
GetWindowsDirectoryA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenMutexA
GetEnvironmentVariableA
ExitProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
HeapAlloc
HeapReAlloc
HeapFree
GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
FlushFileBuffers
MultiByteToWideChar
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
GetDiskFreeSpaceA
GetConsoleCP
GetLocaleInfoW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetVersionExA

user32

CallNextHookEx
SetWindowTextA
GetWindow
SetForegroundWindow
PostQuitMessage
LoadIconA
UnhookWindowsHookEx
PostThreadMessageA
SetWindowsHookExA
GetTopWindow
SetTimer
SetCursorPos
mouse_event
GetDC
ReleaseDC
GetCursorPos
WindowFromPoint
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA
ExitWindowsEx
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
EnumWindows
FindWindowA
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
CharLowerA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
RegisterClassA
CreateWindowExA
UnregisterClassA
UpdateWindow
SetWindowLongA
GetWindowLongA
DefWindowProcA
ShowWindow

gdi32

GetStockObject
GetDeviceCaps

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ControlService
DeleteService
OpenServiceA
StartServiceA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegDeleteValueA
RegLoadKeyA
RegSaveKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA

shell32

Shell_NotifyIconA
SHFileOperationA
ShellExecuteA
ShellExecuteExA

Exports

Exports

?Me2@@YAHKKDD@Z
?Me3@@YAHKKDD@Z
?Uneet1@@YAHKKDD@Z
?Uneet2@@YAHKKDD@Z
?Uneet@@YAHKKDD@Z
?You1@@YAHKKDD@Z
KillOld
SetHook
runform
testform

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ea50f2a9b2a8501701c6116fb83ea04

Headers

File Characteristics

Imports

ws2_32

wininet

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 238KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 13KB