04b402723716d67684ed791e82c62e1c2daa72792b1cc46efdb3f730943684b8

Sharing

Copy URL

Twitter E-mail

General

Target

04b402723716d67684ed791e82c62e1c2daa72792b1cc46efdb3f730943684b8
Size

980KB
MD5

537c5a0e55724d78353578c6d42e5d11
SHA1

bd04dfd3408d982bc9df697cda501678a5e4f1ed
SHA256

04b402723716d67684ed791e82c62e1c2daa72792b1cc46efdb3f730943684b8
SHA512

389d622f705cb7815d680c8035c61ce240be9e77e30f99d68baaec68c8a8a469d4c1038e31be031027a5352384c3b5c6c07bd4f55e44d6a6c8c56e972af33015
SSDEEP

24576:nZQcaNvHu27o1i4v6sjaUwdr4M5gx6uxVNMtRqM60dVzDgO:nycQvOg/VAO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04b402723716d67684ed791e82c62e1c2daa72792b1cc46efdb3f730943684b8

Files

04b402723716d67684ed791e82c62e1c2daa72792b1cc46efdb3f730943684b8
.dll windows:4 windows x86 arch:x86

2fffa49cfbf880c36667abe7502f054b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_stricmp
_strupr
sscanf
getenv
vsprintf
_iob
memset
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CIpow
_CIacos
strchr
fprintf
_strcmpi
_beginthreadex
mbstowcs
wcscpy
printf
memmove
strncmp
rand
strcspn
atoi
strncpy
sprintf
strrchr
strstr
_except_handler3
_CxxThrowException
exit
wcstombs
memcmp
strlen
_ftol
ceil
strcpy
__CxxFrameHandler
strcat
malloc
free
strcmp
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z

msvfw32

ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage
ICOpen
ICSeqCompressFrameStart
ICSeqCompressFrame

ws2_32

WSAStartup
gethostname
closesocket
send
recv
select
getsockname
connect
socket

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
lstrcpyA
VirtualFree
VirtualAlloc
WideCharToMultiByte
InterlockedExchange
LocalReAlloc
LocalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindNextFileA
FindFirstFileA
GetCurrentProcess
GetVersion
Sleep
WriteFile
DeviceIoControl
CreateFileA
SetLastError
LocalFree
GetLastError
GlobalAlloc
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetVersionExA
GetFileAttributesA
lstrlenA
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetModuleHandleA
DeleteFileA
CreateDirectoryA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
RemoveDirectoryA
SetFileAttributesA
GetFileSize
ReadFile
SetFilePointer
MoveFileA
GetSystemDirectoryA
GetLocalTime
ExitProcess
GetModuleFileNameA
GetCommandLineA
FreeConsole
TerminateProcess
GetCurrentProcessId
GetConsoleProcessList
AttachConsole
WinExec
GetTickCount
GetTempPathA
OutputDebugStringA
MoveFileExA
CopyFileA
DefineDosDeviceA
SetUnhandledExceptionFilter
CreateMutexA
GetCurrentThreadId
GlobalMemoryStatusEx
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalSize
QueryPerformanceFrequency
QueryPerformanceCounter
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
CreateRemoteThread
Module32Next
Module32First
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
QueryDosDeviceA
GetPriorityClass
DisableThreadLibraryCalls
GetSystemInfo

user32

GetForegroundWindow
GetWindowTextA
CharNextA
wsprintfA
EmptyClipboard
SetClipboardData
ExitWindowsEx
OpenClipboard
GetInputState
CloseClipboard
GetDC
ReleaseDC
GetClientRect
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetClassNameA
GetWindow
FindWindowA
GetAsyncKeyState
LoadCursorA
DestroyCursor
SystemParametersInfoA
keybd_event
MapVirtualKeyA
mouse_event
GetCursorPos
GetCursorInfo
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
ShowWindow
PostMessageA
ChangeDisplaySettingsA
EndDialog
SetWindowPos
UpdateWindow
CreateDialogParamA
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
GetKeyState
GetSystemMetrics
SendMessageA
GetLastInputInfo
BlockInput
PostThreadMessageA
SetWindowTextA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
GetClipboardData

advapi32

IsValidSid
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
RegCloseKey
RegOpenKeyExA
GetUserNameA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
DeleteService
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
StartServiceCtrlDispatcherA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusA
ControlService
QueryServiceStatus
AbortSystemShutdownA
RegQueryValueExA

gdi32

CreateCompatibleBitmap
GetDIBits
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
BitBlt
GetRegionData
CombineRgn
CreateRectRgnIndirect

winmm

waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutUnprepareHeader
waveInStart
waveInAddBuffer
waveInGetDevCapsA
waveOutGetNumDevs
waveOutClose
waveOutWrite
waveOutOpen
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
mixerClose
mixerGetLineInfoA
mixerGetDevCapsA
mixerGetNumDevs
mixerSetControlDetails
mixerOpen
waveOutPrepareHeader
mixerGetLineControlsA
mixerGetControlDetailsA

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

wtsapi32

WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession
WTSFreeMemory
WTSQuerySessionInformationA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

psapi

GetProcessMemoryInfo
GetModuleFileNameExA
GetProcessImageFileNameA
EnumProcessModules

netapi32

NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetLocalGroupAddMembers
NetUserAdd
NetUserDel
NetApiBufferFree
NetUserSetInfo

Exports

Exports

RunDll

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fffa49cfbf880c36667abe7502f054b

Headers

File Characteristics

Imports

msvcrt

msvfw32

ws2_32

kernel32

user32

advapi32

gdi32

winmm

ole32

oleaut32

setupapi

wtsapi32

shell32

userenv

msvcp60

psapi

netapi32

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 496KB

.rodata Size: 12KB - Virtual size: 11KB

.rotext Size: 108KB - Virtual size: 107KB

.rdata Size: 252KB - Virtual size: 249KB

.data Size: 72KB - Virtual size: 514KB

.rsrc Size: 4KB - Virtual size: 368B

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 500KB - Virtual size: 496KB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 108KB - Virtual size: 107KB

.rdata
Size: 252KB - Virtual size: 249KB

.data
Size: 72KB - Virtual size: 514KB

.rsrc
Size: 4KB - Virtual size: 368B

.reloc
Size: 28KB - Virtual size: 25KB