bc65aa5cd4fa1b258fb6e83969418e31

Sharing

Copy URL

Twitter E-mail

General

Target

bc65aa5cd4fa1b258fb6e83969418e31
Size

80KB
MD5

bc65aa5cd4fa1b258fb6e83969418e31
SHA1

e3c0eeed7a08caf519e7fd37d569946232316357
SHA256

16e23671e95df4da9cd4dbd0316d0aed1412e728f3358862535f0ef668873bb1
SHA512

4181c8d78ed687fe58862600793f1a4cab60032999343530b1a5a27ad58e003737929643286f34b78cfd1014ff1cf0cd3bbe958845f5d6f6ab44c5675af9d46a
SSDEEP

768:1HcIs09x4jELmuIcKhSnCD2ANuJx98XrNBeNwI:KIs00jCmuLKkh9mBWw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc65aa5cd4fa1b258fb6e83969418e31

Files

bc65aa5cd4fa1b258fb6e83969418e31
.dll windows:4 windows x86 arch:x86

f5886c9c628fabc344a8a092ca9378fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenW
ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
GetCurrentProcess
Module32First
VirtualProtectEx
SetFilePointer
GetModuleHandleA
MultiByteToWideChar
CreateMutexA
DeleteFileA
DeviceIoControl
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameA
CopyFileA
TerminateProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DisableThreadLibraryCalls
IsBadReadPtr
WriteFile
InitializeCriticalSection
LocalAlloc
CreateFileA
GetFileSize
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

GetForegroundWindow
GetWindowRect
GetDC
ReleaseDC
IsRectEmpty
OpenWindowStationA
OpenDesktopA
wsprintfA
GetWindowThreadProcessId
EnumWindows
SetThreadDesktop

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

ws2_32

socket
htons
ioctlsocket
connect
select
recv
send
closesocket
WSAStartup
gethostbyname
getpeername

msvcrt

strstr
strchr
wcscmp
_except_handler3
_splitpath
_purecall
strrchr
rand
srand
__dllonexit
_onexit
sscanf
strcat
malloc
free
_mbscmp
atol
_mbsnbcmp
_mbsnbcpy
_itoa
sprintf
strlen
_beginthreadex
strncmp
memset
atoi
strcmp
__CxxFrameHandler
memcpy
??2@YAPAXI@Z
strcpy

shlwapi

PathFileExistsA
StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipCreateBitmapFromFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCloneImage

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5886c9c628fabc344a8a092ca9378fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

iphlpapi

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 39KB

shard Size: 12KB - Virtual size: 9KB

.CRT Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 39KB

shard
Size: 12KB - Virtual size: 9KB

.CRT
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 3KB