ca15817517dea7dc1ee06a86f762e14f

General

Target

ca15817517dea7dc1ee06a86f762e14f
Size

15KB
MD5

ca15817517dea7dc1ee06a86f762e14f
SHA1

eac3be889874f4a7d98cf251f5c9f1c16a728f80
SHA256

001b7e5fa463b84eb5700bfc886e20a4033c0660e4ca710a9e8a9fa2177edc8a
SHA512

f2a4973f574f2cb401e9c8ebf25a50d5d0f29fa63ba73318b5904f6ea7a150647e4f88da4bab78a69802666aa4ccf1792ef644dde051f19f664ced91f0f21eaf
SSDEEP

192:67oBHL+ZKXhUHV5Fi2CMHVTEAC/904PGODSFDRwh0u09ezluo:6fKKHVH/HVAACl7PGOoDXkzl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca15817517dea7dc1ee06a86f762e14f

Files

ca15817517dea7dc1ee06a86f762e14f
.dll windows:4 windows x86 arch:x86

1ed82b783a4c63a388067847d9591556

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAllocEx
GetProcAddress
GetModuleHandleA
FindClose
FindNextFileA
lstrcpynA
lstrcpyA
lstrcmpA
FindFirstFileA
VirtualProtectEx
LoadLibraryA
Module32Next
Module32First
ReadFile
GetModuleFileNameA
VirtualFreeEx
WriteProcessMemory
CreateThread
Sleep
WinExec
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcess
CreateMutexA
GetLastError
ReleaseMutex
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
lstrlenA
WaitForSingleObject
CreateFileA
WriteFile
CloseHandle
GetTempPathA

user32

MapVirtualKeyA
ToAscii
wsprintfA
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shlwapi

StrStrIA

wininet

InternetCloseHandle

msvcrt

??2@YAPAXI@Z
memcpy
_purecall
strcmp
strstr
strncat
strcat
memset
strcpy
sprintf
??3@YAXPAX@Z

Sections

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ed82b783a4c63a388067847d9591556

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Sections

.bss Size: - Virtual size: 18KB

.data Size: 12KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 18KB

.data
Size: 12KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 1KB