bc83e37abb325d7fac6d65e287220283

Sharing

Copy URL Twitter E-mail

General

Target

bc83e37abb325d7fac6d65e287220283
Size

19KB
MD5

bc83e37abb325d7fac6d65e287220283
SHA1

1238f0d039824a3979583fcf55caf946f91d073c
SHA256

054b6b07967a9c01d296bc1088a6cd2ae35a0134d7257df03f35c9b92b9d37c5
SHA512

11596d81350cff03e832b84b87d209ab5b4461efcfc25fe0a345ab9a6187ab085605abf48df72c7e6336676d08041e6302ce5fe0d1a83d13f2762b98414a477f
SSDEEP

384:If9AdK2FRQ1c58YfmLlAkCIKqemog6jlxHw3F8W4XGdWrnmA:IfgnF4YOeUtog6B5w34GQnmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc83e37abb325d7fac6d65e287220283

Files

bc83e37abb325d7fac6d65e287220283
.dll windows:4 windows x86 arch:x86

0169d8a8faf422e5201bfe2c9e18ed50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ReleaseMutex
SetEvent
GetFileTime
CreateFileA
SetFileTime
WriteFile
UnmapViewOfFile
SetFileAttributesA
DeleteFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
CloseHandle
GetLastError
CreateMutexA
OpenEventA
CreateEventA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
WaitForMultipleObjects
GetModuleFileNameA
GetComputerNameA
GetVersionExA
Sleep
GetModuleHandleA
GetProcAddress
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
InitializeCriticalSection

user32

ExitWindowsEx

advapi32

OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

_stricmp
_strnicmp
_purecall
_beginthreadex
malloc
free
strncpy
__CxxFrameHandler
__dllonexit
_onexit
_initterm
_adjust_fdiv

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

gethostbyname
send
recv
htons
closesocket
socket
WSAStartup
WSACleanup
connect

Exports

Exports

InitHelperDll

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Plugin
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0169d8a8faf422e5201bfe2c9e18ed50

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.Plugin Size: 2KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.Plugin
Size: 2KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1KB - Virtual size: 1KB