c09d876e2b25a29ad6b78e6ead2a9c11

Sharing

Copy URL Twitter E-mail

General

Target

c09d876e2b25a29ad6b78e6ead2a9c11
Size

140KB
MD5

c09d876e2b25a29ad6b78e6ead2a9c11
SHA1

bf3b66d2bdcb5511bfa44e8b9ad09febcb0278f2
SHA256

bc469cf30f66340f68021724479c87e4cf347c012c8cf9e7f54169c466812f8d
SHA512

95e69e3fdce0e854c73fd17b71a0a0d4fc8e1e4803d8d4fcb891070b51c0ff6cdddbca4e0c2435d3d3723589d77f5b721f5b5ff71bc45e833330a13b3fe39ca2
SSDEEP

1536:+vSr3SEKQXLWHPzGiOEBVurt3IrLDXLTfUEw7LbJD2zIE4ktlCzG8Ot+GB:CSzPFCHPzGip3QmM3vJD+4ktloG8SJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c09d876e2b25a29ad6b78e6ead2a9c11

Files

c09d876e2b25a29ad6b78e6ead2a9c11
.dll windows:4 windows x86 arch:x86

cc5a68d117509b79f748c61800558682

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetComputerNameA
Sleep
GetCurrentProcessId
LocalAlloc
CloseHandle
CreateEventA
GlobalFree
GetComputerNameW
GetCurrentThread
WaitForSingleObject
WideCharToMultiByte
lstrcpynW
GlobalAlloc
MultiByteToWideChar
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
LoadLibraryA
HeapReAlloc
VirtualAlloc
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
FindResourceW
LoadResource
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
lstrlenW
lstrcpyW
lstrcatW
lstrcmpiW
LocalFree
IsBadWritePtr
LockResource
FormatMessageW
GetCommandLineA
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
HeapAlloc
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleHandleA
GetProcAddress
ExitProcess
VirtualQuery
RtlUnwind
GetVersionExA
InterlockedExchange
GetSystemInfo

user32

MessageBoxW
wsprintfW
CharNextW
CharPrevW
SendMessageW
SetWindowLongW
GetActiveWindow
SendDlgItemMessageW
SetFocus
IsDlgButtonChecked
DialogBoxParamW

advapi32

RegDeleteValueW
RegDeleteValueA
OpenThreadToken
OpenProcessToken
GetTokenInformation
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoTaskMemFree

rpcrt4

RpcBindingFromStringBindingW
RpcStringFreeW
I_RpcMapWin32Status
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingA
RpcNetworkIsProtseqValidA
NdrFreeBuffer
NdrClientContextUnmarshall
NdrConvert
NdrConformantArrayMarshall
NDRCContextBinding
NdrClientContextMarshall
NdrConformantVaryingArrayUnmarshall
NdrClientInitializeNew
NdrGetBuffer
NdrSendReceive
NdrConformantArrayBufferSize

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc5a68d117509b79f748c61800558682

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 37KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 37KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 3KB - Virtual size: 3KB