e1d773bb6829a59983add2e7a57e9414

Sharing

Copy URL

Twitter E-mail

General

Target

e1d773bb6829a59983add2e7a57e9414
Size

137KB
MD5

e1d773bb6829a59983add2e7a57e9414
SHA1

6a694d57a14d7324154af132832d0d8fcec77ce2
SHA256

65be47556ba0b5f1193292ebdef1be6b351d1cab723c7155de0d0c3d856ec394
SHA512

7f669427317dab39fc4096e738727dc9e162dd2f44fc2cf5106d27f5fbbae6f7a6e4e4cbbd9982ed7186453eea1b33a9468c1a014ca5142724d841d12c90813c
SSDEEP

3072:LCOccKU7Q/VdWkQD+wDScG2cznwrMrNtZWTvQZf6l:1mVA+fcPxSAifw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1d773bb6829a59983add2e7a57e9414

Files

e1d773bb6829a59983add2e7a57e9414
.dll windows:4 windows x86 arch:x86

9cf0da3b45d94db2688eab4d48fe2383

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
select
inet_ntoa
htonl
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
WSACleanup
closesocket
recv
send
getpeername
ntohl

kernel32

CreateProcessA
GetStartupInfoA
CreatePipe
GetSystemDirectoryA
CreateThread
GetLastError
CreateSemaphoreA
CreateFileW
MoveFileA
CreateDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
lstrlenW
MultiByteToWideChar
lstrlenA
CreateEventW
GetModuleHandleW
WideCharToMultiByte
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentThreadId
PeekNamedPipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
GetTempPathW
GetModuleFileNameW
GetWindowsDirectoryW
SetEvent
GetVersionExW
GlobalMemoryStatus
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VirtualFree
TerminateProcess
GetComputerNameW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
SetHandleCount
GetStdHandle
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
VirtualAlloc
HeapCreate
HeapDestroy
SetFilePointer
DeleteCriticalSection
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
FreeEnvironmentStringsW
GetProcessHeap
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
ExitThread
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetCurrentProcess
CreateFileA
GetFileSize
ReadFile
Sleep
ResumeThread
SuspendThread
OpenProcess
WriteFile
CloseHandle
GetModuleFileNameA
lstrcpyW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetLocaleInfoA
GetACP
InterlockedExchange
GetEnvironmentStringsW
InitializeCriticalSection
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFileType

user32

wsprintfW
FindWindowW
MessageBoxA
GetSystemMetrics
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
SetThreadDesktop
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetCursor
IsRectEmpty
GetDC
ReleaseDC
GetWindowTextA
EnumChildWindows
GetWindowLongW
GetWindowThreadProcessId
GetForegroundWindow
GetKeyState
GetAsyncKeyState
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
SetTimer
DefWindowProcW
IsWindow
SendMessageW
GetDesktopWindow
mouse_event
SetCursorPos
keybd_event
OpenDesktopW

gdi32

SelectObject
BitBlt
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
GetObjectW
SelectPalette
RealizePalette
GetDIBits
DeleteObject
GetStockObject
CreateCompatibleDC

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken

shell32

SHFileOperationW
ShellExecuteA

ole32

CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleFileNameExA
EnumProcessModules

avicap32

capCreateCaptureWindowW
capGetDriverDescriptionW

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

Exports

Exports

?TheMainFunction@@YAXPAX@Z

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cf0da3b45d94db2688eab4d48fe2383

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

avicap32

wininet

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 10KB - Virtual size: 9KB