d3b4ed2b92290761887695d189e4ffe5

Sharing

Copy URL Twitter E-mail

General

Target

d3b4ed2b92290761887695d189e4ffe5
Size

148KB
MD5

d3b4ed2b92290761887695d189e4ffe5
SHA1

aaf94bcaa880a8bae2cf15c7ca53b21bd0709216
SHA256

2687b3de960f42ec30ef5228534bfd011cd73ebee9033cd1be0a8e87549d7c7e
SHA512

38418582756e089df074457419ca4097a66856eff4299a1d0345916bc10f084b30a565bdfc22d074f6d656419a1de1cf1d0ff1a63009486df31931c88c1529a3
SSDEEP

3072:FLnHUY6VXwxh5raUOYQc3uCYRc0PFuDa9ZXCYNgT1G0XGw:tUYfLQc3uC2c09u2PhNgJGb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3b4ed2b92290761887695d189e4ffe5

Files

d3b4ed2b92290761887695d189e4ffe5
.dll windows:4 windows x86 arch:x86

0e90fa3cd64baa4e3993cacbefd99d60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA

gdi32

DeleteDC
GetDIBits
CreateFontIndirectA
SetTextColor
SetBkMode
CreateDIBSection
CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetStockObject
SelectPalette
DeleteObject
RealizePalette

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

WSAStartup
socket
WSAGetLastError
ntohs
WSACleanup
send
recv
closesocket
select
inet_addr
gethostbyname
inet_ntoa
setsockopt
htons
connect

winmm

waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInOpen
waveInClose

kernel32

ExitThread
FreeLibrary
CloseHandle
CreateThread
GetTickCount
GetProcAddress
LoadLibraryA
DeleteFileA
OutputDebugStringA
WriteFile
GetStdHandle
GetVersionExA
GetLastError
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDrives
GetModuleHandleA
WinExec
GetCurrentProcessId
GetComputerNameA
CopyFileA
MoveFileExA
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemDefaultLangID
OpenProcess
WaitForSingleObject
CreateRemoteThread
GetVersion
GlobalFree
GlobalReAlloc
Sleep
GlobalLock
GlobalAlloc
GlobalSize
WideCharToMultiByte
TerminateProcess
SetPriorityClass
SuspendThread
Thread32Next
Thread32First
ResumeThread
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVolumeInformationA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetLocalTime
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
MoveFileA
GetFileTime
CreateFileA
SetFileTime
TerminateThread
GetExitCodeThread
LocalFree
LocalAlloc
GetWindowsDirectoryA
GetSystemTime
FreeConsole
WriteProcessMemory
VirtualAllocEx
MultiByteToWideChar
Module32Next
Module32First
GetSystemDirectoryA
SetLastError
ReadFile
CreateProcessA
GetStartupInfoA
CreatePipe
FileTimeToSystemTime
GetFileSize
InterlockedDecrement
GetPrivateProfileStringA
GlobalUnlock
lstrlenA
GlobalMemoryStatus
CreateMutexA

user32

GetDesktopWindow
RedrawWindow
DrawTextA
SendMessageA
mouse_event
keybd_event
GetDC
ReleaseDC
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
PostMessageA
CloseWindowStation
CloseDesktop
MessageBoxA
ExitWindowsEx
GetForegroundWindow
GetMessageA
PostThreadMessageA
GetSystemMetrics

advapi32

GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegDeleteKeyA
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A
OpenServiceA
EnumServicesStatusExA
LookupAccountSidA
RegisterServiceCtrlHandlerA
OpenSCManagerA
DeleteService
SetServiceStatus
CreateServiceA
ChangeServiceConfig2A
QueryServiceStatusEx
ChangeServiceConfigA
StartServiceA
QueryServiceStatus
ControlService

ole32

CoCreateInstance
OleRun
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysAllocString
GetErrorInfo
SysFreeString

msvfw32

ICClose
ICOpen
ICSendMessage
ICCompress
ICImageCompress

msvcrt

strtok
malloc
free
_vsnprintf
fprintf
_strtime
_strdate
strcat
sprintf
strstr
strrchr
fopen
fwrite
fclose
printf
memcmp
strncmp
strchr
memset
strlen
strcpy
memcpy
isdigit
??3@YAXPAX@Z
??2@YAPAXI@Z
_strrev
__CxxFrameHandler
_ftol
strcmp
fread
fseek
abs
wcstombs
_CxxThrowException
strncat
_except_handler3
rand
fputc
fgetc
time
wcslen
_CIacos
_CIpow
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strnicmp
_stricmp
_strlwr
strtoul
strncpy
atoi

Exports

Exports

InstallRT
InstallSA
InstallSB
InstallServiceA
InstallServiceB
PSLIST
ServiceMain
UninstallRT
UninstallSA
UninstallSB
UninstallServiceA
UninstallServiceB

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xdoors_d
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e90fa3cd64baa4e3993cacbefd99d60

Headers

File Characteristics

Imports

shell32

gdi32

psapi

ws2_32

winmm

kernel32

user32

advapi32

ole32

oleaut32

msvfw32

msvcrt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 487KB

xdoors_d Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 487KB

xdoors_d
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 12KB - Virtual size: 8KB