bce4f33cc30ae81ef52642a0f7d836e0

Sharing

Copy URL Twitter E-mail

General

Target

bce4f33cc30ae81ef52642a0f7d836e0
Size

28KB
MD5

bce4f33cc30ae81ef52642a0f7d836e0
SHA1

107ab3e77444b9dccdc47c70462241de8ccf8660
SHA256

db5ed795c6abdad9652d59131f686e0d901327116a406ac4347d34ef7fd704cb
SHA512

8c49216b265c13eb48588d510e4eb0da9377f4de4a61cbdc825ef14dad55284d3d6011781c09d39b6120500663b2da7ef74c3391e14ab640e83b016765f73386
SSDEEP

768:vGh4ZONL5gI4g5YOEqTz4aLMLu3aCz2+JyxIdxVq:uwONKme0z4ahTU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bce4f33cc30ae81ef52642a0f7d836e0

Files

bce4f33cc30ae81ef52642a0f7d836e0
.dll windows:4 windows x86 arch:x86

c91f654e17c6e6764c0d849bbc85f4ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
GetProcAddress
ReadProcessMemory
GetModuleHandleA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
LoadLibraryA
GetSystemDirectoryA
GetCurrentThreadId
SetFilePointer
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
CreateProcessA
TerminateProcess

user32

CallNextHookEx
UnhookWindowsHookEx
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
GetForegroundWindow
SetWindowsHookExA

imagehlp

ImageLoad
ImageUnload

shlwapi

PathFileExistsA

msvcrt

atol
wcslen
_strcmpi
_strupr
_strlwr
_stricmp
strcmp
fopen
fread
fclose
strstr
strchr
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
atoi
??3@YAXPAX@Z
strncpy

wininet

InternetCloseHandle
InternetReadFile

Exports

Exports

fx
fy

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c91f654e17c6e6764c0d849bbc85f4ce

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

shlwapi

msvcrt

wininet

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 13KB

sdt Size: 512B - Virtual size: 140B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 13KB

sdt
Size: 512B - Virtual size: 140B

.reloc
Size: 3KB - Virtual size: 2KB