c6a2c7ab9bb3ecedc24973edc30820e0

Sharing

Copy URL Twitter E-mail

General

Target

c6a2c7ab9bb3ecedc24973edc30820e0
Size

39KB
MD5

c6a2c7ab9bb3ecedc24973edc30820e0
SHA1

9a1b130b8f3979d56dfee13f4ce27cf2461a946b
SHA256

eaa19448ca7c02e95ef430181ca16e5a4201329922513bb70cb7f1703293e228
SHA512

e1b5bffb39d50b31ca17590c12fc863b93b31b0e7304177d1c6c41a0a199ad43ba538de3c5d84570ad47ecda848fdfe81b5acc9e2a6ada1b292e6aa4d1ec3bec
SSDEEP

768:qURY2qmcgrABfSzlPUPdFyBE+iNGofun88Xxrz15G5M:qUhhAZSzlSKE+iwP8Cl5G5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6a2c7ab9bb3ecedc24973edc30820e0

Files

c6a2c7ab9bb3ecedc24973edc30820e0
.dll windows:4 windows x86 arch:x86

81501027c1a5f18866cdef51a0f3d24f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrCmpNIA
PathFileExistsA
StrChrA
SHDeleteKeyA
StrRChrA
StrStrA
StrStrIA

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile

urlmon

URLDownloadToFileA

kernel32

lstrcatA
InterlockedDecrement
InterlockedIncrement
SetEvent
CreateEventA
GetVolumeInformationA
Sleep
ReadFile
SetFilePointer
CreateFileA
GetCurrentProcess
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateMutexA
LoadLibraryA
VirtualAlloc
VirtualFree
SystemTimeToFileTime
GetSystemTime
GetVersionExA
lstrcmpiA
GetModuleFileNameA
ExitProcess
MoveFileA
GetTickCount
CreateProcessA
FreeLibrary
CopyFileA
GetTempPathA
GetSystemDirectoryA
VirtualProtect
FlushInstructionCache
SetLastError
ReleaseMutex
OpenMutexA
WriteFile
OutputDebugStringA
lstrcpynA
HeapAlloc
GetProcessHeap
GetFileSize
FreeLibraryAndExitThread
FileTimeToSystemTime
GetSystemTimeAsFileTime
LocalFree
SetEndOfFile
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
lstrcmpA
TerminateThread
TerminateProcess
OpenSemaphoreA
CreateToolhelp32Snapshot
Process32First
lstrlenA
Process32Next
CloseHandle
lstrcpyA
CreateThread

user32

CharLowerA
CreateWindowExA
SetWindowLongA
PeekMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
CharUpperA
wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
SetEntriesInAclA
SetNamedSecurityInfoA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA
RegQueryValueA

ole32

CoCreateGuid

Exports

Exports

DllCanUnloadNow
DllGetClassObject
a
f
h
o
s

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81501027c1a5f18866cdef51a0f3d24f

Headers

File Characteristics

Imports

shlwapi

wininet

urlmon

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.bss Size: - Virtual size: 75KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 673B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 19KB - Virtual size: 19KB

.bss
Size: - Virtual size: 75KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 673B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 4KB