0bd714b5a16690a5d7d6780bf1a444202f8d5aa263b5b16cdb89d737d9609575

Sharing

Copy URL Twitter E-mail

General

Target

0bd714b5a16690a5d7d6780bf1a444202f8d5aa263b5b16cdb89d737d9609575
Size

25KB
MD5

25fc5e1a112faf416b22f960e1113227
SHA1

eeeb5ee9574e94c92cb738408aefeef00d58ab62
SHA256

0bd714b5a16690a5d7d6780bf1a444202f8d5aa263b5b16cdb89d737d9609575
SHA512

80a4a1d41c4a4ba962f9e75372bfe0ee4bbdb89d9f643c2784f05f1bc37607300b5decc3efd2b22c746277de48cb3c4ceec6d8e0b828ae035b15413d069799d6
SSDEEP

384:jgCUSiP7Rk5JwLHgQjFsRs7TYLt8SIsCjlaYVmm/8c6Rq4ClTDgjDTV69z:jgzPWDwbdihIsYlImk7OTDgjdA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bd714b5a16690a5d7d6780bf1a444202f8d5aa263b5b16cdb89d737d9609575

Files

0bd714b5a16690a5d7d6780bf1a444202f8d5aa263b5b16cdb89d737d9609575
.dll windows:4 windows x86 arch:x86

457c1c476dd7628c223987af326d734d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5186
ord1979
ord3318
ord5442
ord540
ord2818
ord941
ord939
ord860
ord665
ord825
ord354
ord535
ord800
ord823
ord537

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_except_handler3
malloc
free
_CxxThrowException
_mbscmp
_purecall
_iob
sprintf
_vsnprintf
fprintf
_stricmp
_beginthreadex
strstr
__CxxFrameHandler
fclose
fopen
_access
strncpy
_strlwr

kernel32

TerminateProcess
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
CreateFileA
SystemTimeToFileTime
DisconnectNamedPipe
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
InitializeCriticalSection
WriteFile
DeleteCriticalSection
MoveFileA
GetSystemDirectoryA
GetFileTime
GetCurrentProcessId
GetTickCount
WaitForSingleObject
GetFileSize
SetFilePointer
PeekNamedPipe
ReadFile
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
ExitProcess
GetModuleFileNameA
GetLastError
CopyFileA
ExpandEnvironmentStringsA
Sleep
SetFileTime
WaitForMultipleObjects

user32

DefWindowProcA
PostQuitMessage
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
DispatchMessageA
TranslateMessage

gdi32

GetStockObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

ws2_32

gethostbyname
WSAGetLastError
shutdown
connect
htons
inet_addr
setsockopt
socket
recv
send
select
closesocket
WSAStartup

iphlpapi

GetAdaptersInfo

Exports

Exports

MyStart

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

457c1c476dd7628c223987af326d734d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB