e05286a6ba62c45b5b3be37fc2ed35c2

General

Target

e05286a6ba62c45b5b3be37fc2ed35c2
Size

95KB
MD5

e05286a6ba62c45b5b3be37fc2ed35c2
SHA1

4c55bc910e78990a39dc4ff71e2e676bfddb53ce
SHA256

5cecd4ac11e536d31f8eb994cfe19d75df0b8b800e0004cc06f1c50fe1e34ba1
SHA512

bc5bcf775e38f87233db458a44145b3d1fad1ce8f40d7ef5509b4fcf5cccfb1d440baf4c58363b32df9653aeaa134e6fb8d0214ed8fa4842895c814ae2e3abe7
SSDEEP

1536:b1Lw426YEhoTDDMfsZYNkwPc/cvi6qx8XmcBLpyskG3NkGUEpzaXgJSjflUWAm7+:C0+T/nZYmwPc/0XmcBLpyD+2NEpzaXg7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e05286a6ba62c45b5b3be37fc2ed35c2

Files

e05286a6ba62c45b5b3be37fc2ed35c2
.dll windows:4 windows x86 arch:x86

679571765e71506b6513f8f6fd1cba95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
Sleep
IsBadReadPtr
WaitForMultipleObjects
WaitForSingleObject
VirtualProtect
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CreateFileMappingA
MapViewOfFile
LoadResource
LockResource
SizeofResource
FindResourceA
SetEvent
CreateEventA
GetLastError
EnterCriticalSection
LeaveCriticalSection

user32

CallNextHookEx
MessageBoxA

ws2_32

bind
listen
closesocket
select
socket
accept
WSAStartup
shutdown
connect
htons
htonl
ntohl
gethostbyname
recv
send
__WSAFDIsSet

msvcrt

_strcmpi
_mbscoll
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
_mbsicoll
memcpy
_ismbcspace
atoi
_CxxThrowException
_mbsnbicmp
rand
_strlwr
_mbctolower
_ismbcalpha
_ismbcdigit
tolower
isdigit
srand
time
malloc
free
realloc
memset
strlen
isalpha
strtok
_vsnprintf
sprintf
_mbslwr
_mbsstr
_beginthreadex
_mbstok
strstr
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_strdup

Exports

Exports

_CallWndProcHookProc@12

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

679571765e71506b6513f8f6fd1cba95

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 5KB - Virtual size: 4KB