0fb7678e8ddc977378e5fa4896c2ba0a28357e45b6a1c796dc3defe40aea6086

Sharing

Copy URL Twitter E-mail

General

Target

0fb7678e8ddc977378e5fa4896c2ba0a28357e45b6a1c796dc3defe40aea6086
Size

180KB
MD5

0ac389314ca4d963240c63891b658ce5
SHA1

83f8f599437dee69fc22bba5391f85497f43fd56
SHA256

0fb7678e8ddc977378e5fa4896c2ba0a28357e45b6a1c796dc3defe40aea6086
SHA512

cda976986cf2ce8c5fc44d83b132ab086eb98de74b090dd0f72ee0e6dc4f72a433ec40279850284b42c91636397e466a554302aa87b1ab1e1781a16387f4222f
SSDEEP

3072:buiaXp2NGdDvncOasPT1o1KoZSYKb8Zft1fjE:b7aU8RjesoLKIZrfj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fb7678e8ddc977378e5fa4896c2ba0a28357e45b6a1c796dc3defe40aea6086

Files

0fb7678e8ddc977378e5fa4896c2ba0a28357e45b6a1c796dc3defe40aea6086
.dll windows:4 windows x86 arch:x86

6f699255f30a866e157095c78febf20c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\CSDVRS\release\DynLib.pdb

Imports

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashA
PathAppendA

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryDataAvailable

kernel32

GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
ReadFile
LoadLibraryA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetVersionExA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetProcAddress
GetDateFormatA
GetTimeFormatA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetSystemInfo
GetLocalTime
SystemTimeToFileTime
DeleteFileA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
SetEndOfFile
GetModuleHandleA
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetLocaleInfoA
GetThreadLocale
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
CloseHandle
GetOEMCP
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

SendMessageA
FindWindowA
GetSystemMetrics

advapi32

QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
ChangeServiceConfigA

ole32

CoInitialize
CoCreateInstance

Exports

Exports

Alert
Config_Execute
CreateLink
CreateStartupShortcut
CreateTrayIconShortcut
DEBUG
GetActive
GetAuthed
GetBalloonMessage
GetHostList
GetIP
GetOS
GetOSString
GetRCLOE
GetStatus
GetTimestamp
Host_Add
Host_Clean
Host_Find
Host_GetCount
Host_GetDelString
Host_GetIP
Host_GetIPByIndex
Host_GetStatus
Host_GetStatusByIndex
Host_GetText
Host_GetUpdate
Host_GetUpdateByIndex
Host_Remove
Host_SetCount
Host_SetIP
Host_SetStatus
Host_SetText
Host_SetUpdate
IsRunningProcess
IsRunningService
IsValidIP
IssueUpdate
KillStartupShortcut
KillTrayIconShortcut
LogToFile
MergeFiles
NewVersion
SetActive
SetAuthed
SetStatus
StartUpdater
StopUpdater
TellConfig
TellServer
TimeElapsed
TrayIcon_Execute
TrayIcon_Find
TrayIcon_Kill
b64buffer
b64decode
b64encode

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f699255f30a866e157095c78febf20c

Headers

File Characteristics

PDB Paths

Imports

shell32

shlwapi

winhttp

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 9KB