c444d8fbbc2644b73d506a91cd88625f

Sharing

Copy URL

Twitter E-mail

General

Target

c444d8fbbc2644b73d506a91cd88625f
Size

132KB
MD5

c444d8fbbc2644b73d506a91cd88625f
SHA1

d692626b77cffebd362d4ff5206db6b7e7211116
SHA256

540453f6d664ad48315681076777c846986c105483163c1fff001f7f5d7e71ad
SHA512

41358137e638f1ffd95356e666b224a0fa7aa9d1e3e825f3136ca1989c8179d2d4fe5874518e7aae716adf7ceda3c1c4746d9208a26dee361e77c55cc1fc9073
SSDEEP

3072:f+UoWJchAdvNIF4ktORakv3nOY3TBfCeZeTdw/gQyVI:RKAdK4JXx3TBqHC/3MI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c444d8fbbc2644b73d506a91cd88625f

Files

c444d8fbbc2644b73d506a91cd88625f
.dll windows:4 windows x86 arch:x86

cbeb2e87816cc670beedc0a46625cb67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_snprintf
_strnicmp
strlen
strstr
_stricmp
memcmp
atoi
_itoa
memcpy
_ultoa
tolower
memset
_chkstk
_allmul
_alldiv

msvcrt

strtok

ws2_32

WSASocketW
listen
WSASend
WSAGetLastError
WSAWaitForMultipleEvents
WSAIoctl
setsockopt
bind
closesocket
WSARecv
WSACreateEvent
WSAGetOverlappedResult
ntohl
WSASetLastError
getsockname
ntohs
shutdown
WSAStartup

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetConnectA
InternetSetOptionA
HttpAddRequestHeadersA

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsA

kernel32

WaitForMultipleObjects
GetVolumeInformationA
GetWindowsDirectoryA
GetFileTime
RemoveDirectoryA
TransactNamedPipe
HeapSetInformation
HeapCreate
FindFirstFileA
HeapDestroy
HeapFree
WaitNamedPipeA
FindNextFileA
SetNamedPipeHandleState
HeapAlloc
GetSystemDirectoryA
GetVersionExA
FindClose
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
ExitProcess
GetFileAttributesExA
SetFileAttributesA
CreateDirectoryA
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedExchange
CreateEventA
ProcessIdToSessionId
Process32Next
Process32First
WriteProcessMemory
VirtualAllocEx
Thread32Next
GetModuleHandleA
Thread32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetProcAddress
CloseHandle
OpenThread
GetCurrentProcessId
GetFileSize
lstrcpyA
ReadFile
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
lstrcatA
GetLocalTime
WaitForSingleObject
OpenMutexA
InterlockedCompareExchange
lstrlenA
CreateMutexA
SetEvent
TerminateThread
Sleep
OutputDebugStringA
DuplicateHandle
GetExitCodeThread
FlushFileBuffers
ReleaseMutex
OpenEventA
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCurrentThread
VirtualFree
GetLastError
GetFileInformationByHandle
SystemTimeToFileTime
lstrcmpiA
GetSystemTime
GetCurrentProcess
WriteFile
EnterCriticalSection
CreateFileA
CreateThread
VirtualFreeEx
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
PeekNamedPipe
lstrcmpA
SetFilePointer
SetEndOfFile
GetTempFileNameA
DeleteCriticalSection
GetTempPathA
FlushInstructionCache
VirtualQuery
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualProtect
SetLastError
lstrcmpW
MultiByteToWideChar
DeleteFileA
CreateProcessA
GetTickCount
GetFileAttributesA
LoadLibraryA
CreateRemoteThread
OpenProcess

user32

SetForegroundWindow
ShowWindow
PeekMessageA
WaitForInputIdle
MsgWaitForMultipleObjects
GetSystemMetrics
wsprintfA
DispatchMessageA

advapi32

OpenSCManagerA
CloseServiceHandle
OpenServiceA
ControlService
ChangeServiceConfigA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DllGetClassObject
EventStartup

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbeb2e87816cc670beedc0a46625cb67

Headers

File Characteristics

Imports

ntdll

msvcrt

ws2_32

wininet

oleaut32

shlwapi

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 6KB