00ea65f5124ce361ad9ab628f99681fb0428b9058bafc2ca38cc082eb93965c9

Sharing

Copy URL Twitter E-mail

General

Target

00ea65f5124ce361ad9ab628f99681fb0428b9058bafc2ca38cc082eb93965c9
Size

32KB
MD5

04d52322e3d70c04f6707e7400872cdd
SHA1

555c92dac144616b2fbea31d226f3d6eb0bb93fa
SHA256

00ea65f5124ce361ad9ab628f99681fb0428b9058bafc2ca38cc082eb93965c9
SHA512

076405752996980465ac83cfc59ede0074f714320e885d81cd50cbe685ccfadd73d61bdf53b935432aa00417d83b4432f7de7d09e2e0ab713afde595e66c6906
SSDEEP

768:YYmkFrKm35ztdVPfcsmiyrdKWt5B79bTrLDQEnQZPO5OG:FFrK65ztdVMji8p5BN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00ea65f5124ce361ad9ab628f99681fb0428b9058bafc2ca38cc082eb93965c9

Files

00ea65f5124ce361ad9ab628f99681fb0428b9058bafc2ca38cc082eb93965c9
.dll windows:4 windows x86 arch:x86

e3ac00f6dc58a863b0cdac2494249ed2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
FlushFileBuffers
WriteFile
GetLocalTime
EnterCriticalSection
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
QueryPerformanceCounter
ExpandEnvironmentStringsA
GetSystemDefaultLangID
GetVersionExA
GetCurrentProcessId
OpenProcess
TerminateProcess
GetHandleInformation
SetFileTime
GetFileTime
GetFileSize
CreateProcessA
DisconnectNamedPipe
CreatePipe
WaitForMultipleObjects
ReadFile
PeekNamedPipe
DeleteFileA
OutputDebugStringA
CreateFileA
GetCurrentProcess
DuplicateHandle
CloseHandle
ExitProcess
GetModuleFileNameA
WaitForSingleObject
FreeConsole
Sleep
GetSystemDirectoryA

user32

LoadIconA
DefWindowProcA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA

gdi32

GetStockObject

advapi32

RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA

ws2_32

gethostbyname
inet_ntoa
gethostname

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_adjust_fdiv
malloc
_initterm
free
_iob
sscanf
fscanf
printf
srand
rand
??2@YAPAXI@Z
strchr
_vsnprintf
_beginthreadex
wcstombs
strncpy
strstr
fclose
fwrite
fopen
__CxxFrameHandler
_strlwr
sprintf
_purecall

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpSendRequestA

Exports

Exports

ServiceMain
Start

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ac00f6dc58a863b0cdac2494249ed2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

msvcp60

msvcrt

wininet

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB