c998b994d81a68a0bd92d8ae2a621ed6

Sharing

Copy URL Twitter E-mail

General

Target

c998b994d81a68a0bd92d8ae2a621ed6
Size

47KB
MD5

c998b994d81a68a0bd92d8ae2a621ed6
SHA1

ae0b4b7960f2265a688d7e428929675cae246d9c
SHA256

27fe56126f4f46f04bc199b3f59c1b157263dc29ab69e38f859ce45d7df0afed
SHA512

1077c7229ebc2d0458edc190ef3a63650dfa8734ea4d24a75a7a24c4ba622bb1db6cbe218caf4c5bca772a451c512309a437fb21a8b73caa74b26000041d3ab3
SSDEEP

384:J1l4CSx/Hqw2MQf30lFgxfzZt5zabWmeLr+4L9LULD3pWFW42MNvWiW4W:J1l4CsyfzZt52de2t3ipW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c998b994d81a68a0bd92d8ae2a621ed6

Files

c998b994d81a68a0bd92d8ae2a621ed6
.dll windows:4 windows x86 arch:x86

b109b38ce0c5c2c6f85f7be07562de0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
FindFirstFileA
lstrcpyA
MultiByteToWideChar
GlobalFree
CloseHandle
ReadFile
GlobalAlloc
GetFileSize
CopyFileA
CreateThread
VirtualProtect
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
CreateFileA
FindClose

advapi32

RegQueryValueExA
RegOpenKeyA

shell32

DoEnvironmentSubstA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcrt

_adjust_fdiv
_initterm
strncat
memcpy
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
free
malloc
fclose
memcmp
strncmp
strlen
fread
fopen
strstr
_strlwr
sprintf
strcat
strcpy
strcmp
_except_handler3
wcsncmp
wcslen
__CxxFrameHandler
atoi

wininet

HttpSendRequestA
InternetCloseHandle
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA

shlwapi

PathFileExistsA

Exports

Exports

FaxiMonitorStartup
WowCancle
WowCheckPro
WowCommit
WowMxCheck
WowMxLCheck
WowMxRCheck
WowProtecter

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b109b38ce0c5c2c6f85f7be07562de0a

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

msvcrt

wininet

shlwapi

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 864B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 1KB