c8efec67e79b8c05f9974f51f45da086

Sharing

Copy URL Twitter E-mail

General

Target

c8efec67e79b8c05f9974f51f45da086
Size

61KB
MD5

c8efec67e79b8c05f9974f51f45da086
SHA1

2ad856392a1020bdd43a404130c34676f37c8172
SHA256

36726de5e642fa7199779da5cb779d06c46c8dfca5cfab359df409ef45c74f58
SHA512

09affd7049726cd3681e2e88bd3e2cbdeeb2acbddfbb39f1a55907247755c47d6870336750cc46bc55dcc3d0840d149f3afe65cc1bd2cbb1a1c378e12829e40d
SSDEEP

768:wZWRmgvy30OR7tutnqFc7czjKry4YExUZQGhg/BBt8lAMWx7keIDPjMmN:wFgKHR4tngYxuQGhg5olXWgjNN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8efec67e79b8c05f9974f51f45da086

Files

c8efec67e79b8c05f9974f51f45da086
.dll windows:4 windows x86 arch:x86

3edce4617873fd8c5ba9ceaa4d272068

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
strcpy
atoi
towlower
tolower
wcsrchr
__dllonexit
rand
srand
_itow
strlen
mbstowcs
strtok
wcstombs
memset
free
malloc
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
memmove
??_U@YAPAXI@Z
_onexit
_XcptFilter
_initterm
_local_unwind2
_except_handler3
_amsg_exit
_adjust_fdiv
?terminate@@YAXXZ
??_V@YAXPAX@Z
memcpy
_CxxThrowException

kernel32

GetFileSize
VirtualAlloc
ReadFile
VirtualFree
CreateThread
GetModuleFileNameW
lstrcpyW
lstrlenW
OpenMutexW
WaitForSingleObject
WaitForMultipleObjects
GetExitCodeThread
SetFilePointer
SetEndOfFile
CreateMutexW
ReleaseMutex
GetModuleFileNameA
DisableThreadLibraryCalls
ExitProcess
LoadLibraryW
Sleep
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
lstrcatW
LeaveCriticalSection
GetCurrentThreadId
FlushFileBuffers
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
OpenProcess
RaiseException
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCurrentProcess
FreeLibrary
LoadLibraryA
lstrcmpiW
GetWindowsDirectoryA
GetVolumeInformationA
GetSystemTime
SystemTimeToFileTime
GetTickCount
GetLogicalDriveStringsW
GetDriveTypeW
DeleteFileW
CreateDirectoryW
LocalFree
CreateProcessW
OpenMutexA
OpenEventA
GetCurrentThread
WriteFile
CreateEventW
TerminateProcess
DeleteFileA
WideCharToMultiByte
HeapAlloc
GetProcessHeap
HeapFree
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
GetVersion
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW
GetVersionExA
CloseHandle
DeviceIoControl
CreateFileA
lstrcatA
lstrcpyA
lstrlenA
TerminateThread
SetFileTime

user32

PostMessageA
CallNextHookEx
wsprintfA
CharUpperW
GetSystemMetrics
SetWindowsHookExA

advapi32

RegQueryValueExW
StartServiceA
QueryServiceStatusEx
QueryServiceConfigA
CloseServiceHandle
RegDeleteKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueW
RegDeleteValueW
ConvertSidToStringSidW
IsValidSid
SetThreadToken
GetLengthSid
SetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ChangeServiceConfigA
ControlService
OpenServiceA
OpenSCManagerA
DuplicateTokenEx
SetSecurityInfo
SetEntriesInAclA
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
RegSetValueExW

shell32

SHGetFolderPathA
SHGetFolderPathW

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
a
s

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3edce4617873fd8c5ba9ceaa4d272068

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 50KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 50KB

.reloc
Size: 4KB - Virtual size: 3KB