c90dca9008a6e1cfe804df835f86aafd

Sharing

Copy URL Twitter E-mail

General

Target

c90dca9008a6e1cfe804df835f86aafd
Size

52KB
MD5

c90dca9008a6e1cfe804df835f86aafd
SHA1

101d05f195d959ae1092337b41ebd4bd0edb9a95
SHA256

dc82653c984e495a2bb3aa7d75ca1c5d028ea2958e25d49cc787dbd350a09aad
SHA512

0d25a37c10e5cb5db72533444ac31fbae62c5826d1465af5ae392776ecbdb134ec842a6dae98add86be3a1ffc42193941ae3fd5565eff6169ac0da075dcec0f6
SSDEEP

1536:CP65hF0M/V9ieUCHfnA5g/erNYqQcU7dcMIPw:CPIvf/aNYqQcU7dcN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c90dca9008a6e1cfe804df835f86aafd

Files

c90dca9008a6e1cfe804df835f86aafd
.dll windows:4 windows x86 arch:x86

7674f160b25a9b77fd04583a0cb98dac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

ws2_32

socket
inet_addr
gethostbyname
gethostbyaddr
WSAStartup
send
recv
closesocket
WSACleanup
connect

kernel32

SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetFilePointer
InitializeCriticalSection
Sleep
CloseHandle
ReadFile
GetFileSize
CreateFileA
HeapSize
GetCurrentThread
OpenProcess
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetLastError
ExitProcess
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TlsFree
SetLastError
TlsGetValue
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
RtlUnwind
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers

advapi32

ImpersonateSelf
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken

Exports

Exports

XXInjectAndSendFileXX
XXSendFileXX

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7674f160b25a9b77fd04583a0cb98dac

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB