d374b83a6cc0ce66a3b742246b409fd8

Sharing

Copy URL Twitter E-mail

General

Target

d374b83a6cc0ce66a3b742246b409fd8
Size

97KB
MD5

d374b83a6cc0ce66a3b742246b409fd8
SHA1

a1bb1f7cbe65e1fa9973a4325c7dedb9b433f828
SHA256

a20c72207aa7885c28a2e699b9aea79f07f8543f5d0ec42d98ae920d60f96e82
SHA512

12a7450208d97ae0efad05effb8c81a6e8acd58e7cd97bb4e9aaa4c8817a169a797d8075eb48f877d3801d76d15b3384bff35c2fc5cbae57e8cf0b24d98a68d0
SSDEEP

1536:ppzZukTSV0CkjThOQK7U0HTicsFyfCDfcneFn2LF/3lyq3uWPRmCr:pnukW0CkoQUdThKpUFflyq3uWPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d374b83a6cc0ce66a3b742246b409fd8

Files

d374b83a6cc0ce66a3b742246b409fd8
.dll windows:4 windows x86 arch:x86

2c564c07b65cc4ba6b062bb0b24830f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
VirtualProtectEx
GetTickCount
VirtualProtect
lstrlenA
GetModuleHandleA
GlobalFree
SetFilePointer
lstrcatA
GlobalAlloc
lstrlenW
CreateRemoteThread
VirtualAlloc
ReadFile
GetFileSize
VirtualFree
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetCurrentProcess
TerminateProcess
GlobalReAlloc
GlobalLock
GlobalSize
GlobalMemoryStatus
GlobalUnlock
GetEnvironmentVariableA
GetStartupInfoA
CreatePipe
GetCurrentDirectoryA
GetSystemWindowsDirectoryA
GetVersionExA
RtlUnwind
GetCommandLineA
InterlockedExchange
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
Process32First
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
UnhandledExceptionFilter
IsBadWritePtr
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
MultiByteToWideChar
Process32Next
OpenProcess
GetACP
WideCharToMultiByte
GetFileTime
SetFileTime
RemoveDirectoryA
CreateDirectoryA
SetFileAttributesA
MoveFileExA
FindNextFileA
GetDriveTypeA
GetLocalTime
GetTempPathA
GetLongPathNameA
FindFirstFileA
DeleteFileA
FindClose
CreateProcessA
CreateFileA
WriteFile
LocalFree
FormatMessageA
SetLastError
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
FreeLibrary
GetModuleFileNameA
GetCurrentThreadId
CreateMutexA
ReleaseMutex
CloseHandle
GetSystemDirectoryA
CreateThread
WaitForSingleObject
GetCurrentProcessId
OpenMutexA
GetLastError
Sleep
LoadLibraryA
LCMapStringW
GetProcAddress

user32

GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
GetSystemMetrics
CloseDesktop
CloseWindowStation
FindWindowA
GetDesktopWindow
ShowCursor
GetDC
GetWindowDC
ReleaseDC
mouse_event
SetCursorPos
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
ClipCursor
SetWindowPos
ShowWindow
wsprintfA
EnableWindow
ExitWindowsEx
MessageBoxA
GetActiveWindow
wsprintfW
GetWindowTextA
LockWorkStation
IsRectEmpty

gdi32

DeleteObject
GetStockObject
GetObjectA
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette

advapi32

CloseEventLog
RegOpenKeyA
GetUserNameA
RegQueryValueExA
RegCreateKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
QueryServiceStatus
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
LookupAccountSidA
ClearEventLogA
OpenEventLogA
LsaNtStatusToWinError
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
GetTokenInformation

shell32

ShellExecuteA

ws2_32

select
listen
bind
ioctlsocket
socket
gethostbyname
gethostname
recv
WSACleanup
accept
getsockopt
inet_ntoa
WSAStartup
closesocket
inet_addr
setsockopt
connect
send
htons

urlmon

URLDownloadToFileA

wininet

GetUrlCacheEntryInfoA

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

psapi

GetModuleFileNameExA
EnumProcessModules

avicap32

capGetDriverDescriptionA

Exports

Exports

Entry
GetStatus
InstallHook
Run
UnHook
_EventLogon@4
_EventStartup@4

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c564c07b65cc4ba6b062bb0b24830f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

urlmon

wininet

imm32

psapi

avicap32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 9KB - Virtual size: 22KB

.sdata Size: 512B - Virtual size: 20B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 9KB - Virtual size: 22KB

.sdata
Size: 512B - Virtual size: 20B

.reloc
Size: 8KB - Virtual size: 7KB