bcc910395497cfe3ed8c7dab0c437965

Sharing

Copy URL Twitter E-mail

General

Target

bcc910395497cfe3ed8c7dab0c437965
Size

31KB
MD5

bcc910395497cfe3ed8c7dab0c437965
SHA1

01b23b793747d9b98d3a6b8719c32619de9a1b9f
SHA256

2cf41dc2fa0aef64ff5776f83c76fbc501b5fddbf3a06a6b226e390c8e642e3c
SHA512

c47010d1fe36a25fa27821904475237617b33643914e15c2e219849312f8a48df00946ad100b93caf4d6f9a6c07fa34470ff93f015a0ff7263be4de8cc9dad0e
SSDEEP

384:ATQH0vTFxdgAgz+dSC20A/HxGt8+6sB0x/ply3klhHtYp3h0MZeHyOz7hWbWnmns:f6TFxdgQwE8+Ixe32k5h0McT7Fmna6O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcc910395497cfe3ed8c7dab0c437965

Files

bcc910395497cfe3ed8c7dab0c437965
.dll windows:4 windows x86 arch:x86

33344b4adfffd15882d9242681c7ad60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

memset
strcpy
strncpy
_strnicmp
strncmp
strlen
_strdup
free
memcpy
strcat
strcmp

kernel32

HeapCreate
HeapDestroy
GetCurrentProcess
GetLastError
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
GetModuleFileNameA
GetSystemDirectoryA
Sleep
FindFirstFileA
FindClose
CreateFileA
SetFileTime
SetCurrentDirectoryA
SetFileAttributesA
DisableThreadLibraryCalls
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryA
DeleteFileA
FindNextFileA
RemoveDirectoryA
CreateDirectoryA
GetDriveTypeA
MoveFileA
WriteFile
GetFileSize
SetFilePointer
ReadFile
WideCharToMultiByte
HeapReAlloc

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket

urlmon

URLDownloadToFileA

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
DeleteUrlCacheEntryA

user32

OpenDesktopA
EnumDesktopWindows
CloseDesktop
GetClassNameA
FindWindowExA
PostMessageA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateProcessAsUserA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ShellExecuteObject_IShellExecuteHookA_Execute

Sections

.code
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.flat
Size: 1024B - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33344b4adfffd15882d9242681c7ad60

Headers

File Characteristics

Imports

crtdll

kernel32

wsock32

urlmon

wininet

user32

advapi32

Exports

Exports

Sections

.code Size: 11KB - Virtual size: 10KB

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 512B - Virtual size: 174B

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 988B

.flat Size: 1024B - Virtual size: 621B

.reloc Size: 2KB - Virtual size: 1KB

.code
Size: 11KB - Virtual size: 10KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 174B

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 988B

.flat
Size: 1024B - Virtual size: 621B

.reloc
Size: 2KB - Virtual size: 1KB