d61c76b1dd393112c96b6f23a60cb775

Sharing

Copy URL

Twitter E-mail

General

Target

d61c76b1dd393112c96b6f23a60cb775
Size

29KB
MD5

d61c76b1dd393112c96b6f23a60cb775
SHA1

c669e16e9b9e0a59c9e73627a62c294c0c81e857
SHA256

4123492e518b7c5a466947652e5290829e4529fd69886369606c9c7bae133e76
SHA512

e576632d8aee45d2dd3f182f9a74a40b76b8038a1e9526b537ec38269aec94787cbf414a17ea47066219d02d4fc4af4b4954143272aeb58677d7f5ce52b2c769
SSDEEP

384:yvOXEyKZxxojJEiihVSNIxVwjURqG6syJNDG8eAMCttog4K+KWEcxrz/W6WWXrut:yrjMjURqhZDDteAM9zjEMrzFf6t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61c76b1dd393112c96b6f23a60cb775

Files

d61c76b1dd393112c96b6f23a60cb775
.dll windows:4 windows x86 arch:x86

17390e48654cd11c641ea30919b83dea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
CloseHandle
lstrlenW
lstrlenA
lstrcpynA
lstrcpyW
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WinExec
WideCharToMultiByte
VirtualProtect
TerminateThread
Sleep
SetFilePointer
ReadFile
MultiByteToWideChar
LocalFree
LocalAlloc
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
GetProcAddress
GetModuleFileNameA
GetFileSize
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FindAtomA
CreateFileA
CreateProcessA
CreateThread
DeleteAtom
DeleteFileA
ExitProcess
ExitThread
AddAtomA

ole32

CreateStreamOnHGlobal

gdi32

CreateBitmap
SetBkMode
SetBkColor
SelectObject
GetObjectA
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontA
CreateCompatibleDC
BitBlt

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

user32

GetDesktopWindow
GetForegroundWindow
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IsWindow
IsWindowVisible
OpenClipboard
ReleaseDC
GetClipboardData
SetWindowLongA
keybd_event
GetClientRect
GetClassNameA
CloseClipboard
CreateWindowExA
DrawTextA
EnumChildWindows
EnumWindows
ExitWindowsEx
SendMessageA
FillRect

wininet

InternetReadFile
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA

shlwapi

PathIsDirectoryA

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreA
PFXExportCertStoreEx
CertAddCertificateContextToStore

Exports

Exports

s

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17390e48654cd11c641ea30919b83dea

Headers

File Characteristics

Imports

kernel32

ole32

gdi32

advapi32

user32

wininet

shlwapi

crypt32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 116KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 116KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 2KB - Virtual size: 2KB