bd41caa73dc5cc012e26631d332cfda2

Sharing

Copy URL Twitter E-mail

General

Target

bd41caa73dc5cc012e26631d332cfda2
Size

100KB
MD5

bd41caa73dc5cc012e26631d332cfda2
SHA1

22c5ae62cc3c73fd219d8b244b37a97718067200
SHA256

30eadb6bca813cac676b1cf7c4e76754a43defe3859690c1d1624598ab8de3da
SHA512

54dc572e0addf1cf6ad502e7d0741f45c1facdf388ce1989c8f95067ef1647ecfcf3d088446a10af7e1617bf9c11a607a8a46b75b4994329d9d552ad38019b04
SSDEEP

1536:JK4NU6wFsuimMwp5XTH+0ZfMmIGTXvzl88LloQiwc3i:JK4NKsDm3nXi5mE8LloQiwcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd41caa73dc5cc012e26631d332cfda2

Files

bd41caa73dc5cc012e26631d332cfda2
.dll windows:4 windows x86 arch:x86

13a95c7f459969ddbe055a8cc94b2102

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

VirtualAllocEx
lstrcpyA
WinExec
GetTickCount
GetTempPathA
ReadFile
SetFilePointer
ReadProcessMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualProtectEx
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
CreateThread
GetCurrentProcess
SetUnhandledExceptionFilter
WriteProcessMemory
SetEvent
CreateEventA
GetCurrentThreadId
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CreateRemoteThread
FindResourceA
LoadResource
GetWindowsDirectoryA
CreateFileA
SizeofResource
WriteFile
FreeResource
lstrlenA
Sleep
DeleteFileA
SetLastError
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
OpenProcess
WaitForSingleObject
CloseHandle
lstrcatA
HeapAlloc
HeapFree
FreeConsole
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TlsAlloc
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType

user32

wsprintfA
GetWindowThreadProcessId
FindWindowA
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
DeleteUrlCacheEntry
InternetConnectA
InternetOpenA

ws2_32

closesocket
recv
send
gethostname
connect
htons
gethostbyname
socket
WSAStartup

urlmon

URLDownloadToFileA

Exports

Exports

ServiceMain

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13a95c7f459969ddbe055a8cc94b2102

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

wininet

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 4KB