cf37f1fe02fb90b2565715f3265bda2509c0d67828f3996c5c29c4bab4cb4772

Sharing

Copy URL Twitter E-mail

General

Target

cf37f1fe02fb90b2565715f3265bda2509c0d67828f3996c5c29c4bab4cb4772
Size

167KB
MD5

d14966b7743dc6e43a36f4f297a5b201
SHA1

e85468a58db00a5415e803501ab6b17ccae89477
SHA256

cf37f1fe02fb90b2565715f3265bda2509c0d67828f3996c5c29c4bab4cb4772
SHA512

feca0462e50f78b64fe052e8cb315170d3d6d6dde1369f2d07f1f281bcfc869e045428702e0fe915f702c19ec6c4a749e17fe434c9badf0ad78a08b42977d96b
SSDEEP

3072:EHFZsFgGSH+IpHiE5W3sZXZ70mAe/ujvifhZl5j7:EHFZsEe8iTclF/uj6pZL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf37f1fe02fb90b2565715f3265bda2509c0d67828f3996c5c29c4bab4cb4772

Files

cf37f1fe02fb90b2565715f3265bda2509c0d67828f3996c5c29c4bab4cb4772
.dll windows:5 windows x86 arch:x86

0098be3d480f18118b680b6778507067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord17
ord145
ord8
ord74
ord125
ord103

netapi32

Netbios

kernel32

CreateFileA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
LoadLibraryA
DnsHostnameToComputerNameW
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CreateProcessW
FindClose
FindNextFileW
GetLastError
FindFirstFileW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetTempFileNameW
GetTempPathW
lstrlenW
CloseHandle
TlsSetValue
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsFree
SetLastError
HeapAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
SetFilePointer
FlushFileBuffers
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

advapi32

SetNamedSecurityInfoW

Exports

Exports

ConfigDisplayStyle
H2RegRegister
H2RegUnregister
UpdatePhpIniTB
ValidateHostName

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0098be3d480f18118b680b6778507067

Headers

File Characteristics

Imports

msi

netapi32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 8KB - Virtual size: 8KB