c1979608385bb5063209263b8511ae9b

Sharing

Copy URL Twitter E-mail

General

Target

c1979608385bb5063209263b8511ae9b
Size

30KB
MD5

c1979608385bb5063209263b8511ae9b
SHA1

6e5696a5c88572f7209b517af89601e962df187f
SHA256

629db2145ec1fc976e88ca2018834195c9912f347ca440c17170ff3f7894755d
SHA512

0ec51c6acb3d01c4b59ba386b6b865ec0913d3819a4f793c9ab96bcf8b3ca2e840ebe08a5344fd51b6f30c36f8f00c506c6d52685fe1a8f5a7577985ce8ce089
SSDEEP

768:f91DMytlNu7LJiDFAKBdcFk4w0fhgMEC4GO:f9RMy34Muo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1979608385bb5063209263b8511ae9b

Files

c1979608385bb5063209263b8511ae9b
.dll windows:4 windows x86 arch:x86

ec57ec39fe2f1b1a46d6d3f56d20ed13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadPriority
GetPrivateProfileStringA
GetModuleHandleA
ReadProcessMemory
SetUnhandledExceptionFilter
SetThreadContext
OpenThread
GetProcAddress
ReadFile
CreateFileA
Thread32Next
GetThreadPriority
Thread32First
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
CreateProcessA
GetModuleFileNameA
VirtualAlloc
LoadLibraryA
ExitProcess
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualProtect
SetFilePointer
WriteFile
DeleteFileA
VirtualProtectEx
WriteProcessMemory
CloseHandle
GetCurrentProcessId
CreateMutexA
GetLastError
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
GetSystemDirectoryA
CreateThread

user32

GetWindowThreadProcessId
GetWindowTextA
GetForegroundWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowA

wininet

InternetCloseHandle
InternetReadFile

msvcrt

??3@YAXPAX@Z
_strcmpi
_strlwr
_stricmp
wcslen
strcmp
fopen
fread
fclose
strstr
??2@YAPAXI@Z
memcpy
strrchr
memset
strcat
sprintf
strcpy
strlen
atoi
_strupr
strncpy
strchr

Exports

Exports

rrr
sss

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec57ec39fe2f1b1a46d6d3f56d20ed13

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 14KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 14KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB