caef8eb837d8235cb0895e9ce0ae29a7

Sharing

Copy URL Twitter E-mail

General

Target

caef8eb837d8235cb0895e9ce0ae29a7
Size

146KB
MD5

caef8eb837d8235cb0895e9ce0ae29a7
SHA1

f044c2a3a21a01e43f3e527ec5a8b3f443ebb949
SHA256

ad5e291c98ddef00da6239c8dcc652767d707607baa53d15abab235101df3dce
SHA512

33b93839d7a6990a4e36cbb422ca00b0ce15db518264603671cab49ff290e37f32f2b8cbb17979b2eb6f4236ca4010a670b322aaccd03d395114786dca120b3f
SSDEEP

3072:22VL66He7Uap4rwP8OXRamwtnWnwUGTD6H3Vs:XVL66HeQTKBPwtnvhy3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
caef8eb837d8235cb0895e9ce0ae29a7

Files

caef8eb837d8235cb0895e9ce0ae29a7
.dll windows:4 windows x86 arch:x86

2b002f396d84848b32781e102bd7ebe5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
lstrcatA
ExpandEnvironmentStringsA
lstrcmpiA
ReadFile
CreateFileA
CreateProcessA
GetStartupInfoA
GetSystemTime
CreateThread
FreeLibraryAndExitThread
SetEvent
InitializeCriticalSection
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
ExitThread
CreateRemoteThread
GetProcAddress
GetModuleHandleA
OpenProcess
WriteProcessMemory
VirtualAllocEx
GlobalFree
GetFullPathNameA
GetModuleFileNameA
GlobalAlloc
GetCurrentProcess
TerminateThread
WaitForSingleObject
ResetEvent
SetLastError
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
SetPriorityClass
GetFileSize
GetLogicalDriveStringsA
GetDriveTypeA
EndUpdateResourceA
UpdateResourceA
SizeofResource
BeginUpdateResourceA
LockResource
LoadResource
FreeLibrary
FindResourceA
LoadLibraryA
EnumResourceNamesA
MoveFileA
SetFileAttributesA
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
GetWindowsDirectoryA
CreateMutexA
ReleaseMutex
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
DeleteCriticalSection
OpenFile
GetLastError
SetFilePointer
lstrcpyA
lstrlenA
WriteFile
CloseHandle
GetTickCount
Sleep
GetVersionExA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualAlloc
VirtualProtect
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetCPInfo
FlushFileBuffers
VirtualQuery
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStdHandle
WideCharToMultiByte
ExitProcess
SetStdHandle
TerminateProcess

advapi32

OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

CharUpperBuffA
wsprintfW
wsprintfA

ws2_32

getsockopt
getsockname
inet_ntoa
WSAGetLastError
select
ntohs
__WSAFDIsSet
shutdown
accept
ioctlsocket
recv
WSAStartup
socket
gethostbyname
htons
connect
send
closesocket
WSACleanup
listen
setsockopt
inet_addr
bind

shlwapi

StrToIntA
PathFileExistsA
StrStrA
StrChrA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b002f396d84848b32781e102bd7ebe5

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

shlwapi

wininet

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 33KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 33KB

.reloc
Size: 10KB - Virtual size: 10KB