bf175474fc8074a54408c94fbc0c40ce

Sharing

Copy URL

Twitter E-mail

General

Target

bf175474fc8074a54408c94fbc0c40ce
Size

28KB
MD5

bf175474fc8074a54408c94fbc0c40ce
SHA1

a478eb432c63353f0767d6abaf6282e6496713c3
SHA256

c1b4eb7b962f5396d7e33e83508038a4d919a17dd82be423619da221d322292f
SHA512

0f31606f38aa585cc7c458b9ee6b50b063bb464e17876b34135d8d50d21b8e24100aec2ad6b51a25bb5ef324499388e4377aa602ddd873b0cb258da0e48c7e63
SSDEEP

768:1EtI20cGFI59gj99xS9B8CJsbH+WunqVx1k1xl:utI20+Y56sbnunfx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf175474fc8074a54408c94fbc0c40ce

Files

bf175474fc8074a54408c94fbc0c40ce
.dll windows:4 windows x86 arch:x86

d83ab7d32dcad8495d38cf013e8e7386

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
MultiByteToWideChar
HeapReAlloc
DebugBreak
GetCurrentProcess
FlushInstructionCache
lstrlenW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
lstrlenA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayDestroy
LoadRegTypeLi
DispCallFunc
SysStringLen

atl

ord11
ord23
ord21
ord58
ord31
ord30
ord10
ord32
ord15
ord18
ord57
ord16

shlwapi

StrStrIW
StrStrW

msvcp60

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

msvcrt

wcsstr
wcslen
memcpy
memcmp
__dllonexit
_onexit
memset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zazoc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d83ab7d32dcad8495d38cf013e8e7386

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

atl

shlwapi

msvcp60

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 657B

.rsrc Size: 9KB - Virtual size: 10KB

.zazoc Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 657B

.rsrc
Size: 9KB - Virtual size: 10KB

.zazoc
Size: 4KB - Virtual size: 4KB