302797470d400e5e15fa031d0b6cfa1455ca8f967f4e17a9a158d5df450f52f7

Sharing

Copy URL Twitter E-mail

General

Target

302797470d400e5e15fa031d0b6cfa1455ca8f967f4e17a9a158d5df450f52f7
Size

535KB
MD5

863956b385bfc84dfb085321fff2d259
SHA1

19255475137f1369924389b51500cb0114de65f7
SHA256

302797470d400e5e15fa031d0b6cfa1455ca8f967f4e17a9a158d5df450f52f7
SHA512

18bd82a1e505043c98134e164456ced6e03e837794ac73cf3731f7415b505f17e08f7b3e15975ac42d427df172e7bba46af7cc1480b465c0ef6485539b9a362e
SSDEEP

12288:tee8C17SrOT+OeO+OeNhBBhhBBjeI/+HzRBcckWqZxewSu/hu8:teSYqkeI/VW4xewJ/9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
302797470d400e5e15fa031d0b6cfa1455ca8f967f4e17a9a158d5df450f52f7

Files

302797470d400e5e15fa031d0b6cfa1455ca8f967f4e17a9a158d5df450f52f7
.dll windows:5 windows x86 arch:x86

69233bd6d781a3942350d0ec137a5084

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetStdHandle
GetTickCount
FreeLibrary
GetLastError
CloseHandle
Sleep
WriteFile
GetProfileStringA
SetEnvironmentVariableA
CompareStringW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
WideCharToMultiByte
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
ExitProcess
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
GetStringTypeW
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryW
HeapReAlloc
CreateFileW
SetEndOfFile
GetProcessHeap
InitializeCriticalSection

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus

ws2_32

select
inet_addr
htons
gethostbyname
shutdown
WSAStartup
closesocket

Exports

Exports

ServiceMain
Start

Sections

.scode
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69233bd6d781a3942350d0ec137a5084

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.scode Size: 19KB - Virtual size: 19KB

.text Size: 345KB - Virtual size: 344KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 62KB - Virtual size: 62KB

.scode
Size: 19KB - Virtual size: 19KB

.text
Size: 345KB - Virtual size: 344KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 62KB - Virtual size: 62KB