554a37383a7e64de3f226a65cd22c6b53f2f48f612146f32d89796e1d2de223a

Sharing

Copy URL Twitter E-mail

General

Target

554a37383a7e64de3f226a65cd22c6b53f2f48f612146f32d89796e1d2de223a
Size

31KB
MD5

c74a61d8257d3894ccfd773937d095f0
SHA1

e8cced00055d13cd10c60dc9dd0b0f19fc28cf6f
SHA256

554a37383a7e64de3f226a65cd22c6b53f2f48f612146f32d89796e1d2de223a
SHA512

af8730f5e9eeef20fdf354af9337af1043abf919c9ae0b7435989fee686ba2d4c534efb12a2e964c008bd49aee85909d15d70a3b119786c103de0311e53e1348
SSDEEP

768:gG1pWpcGwQwAgdwWyU38qHsGyxP7LyqclBuM:Fp8cG/wAc61CBuM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
554a37383a7e64de3f226a65cd22c6b53f2f48f612146f32d89796e1d2de223a

Files

554a37383a7e64de3f226a65cd22c6b53f2f48f612146f32d89796e1d2de223a
.dll windows:4 windows x86 arch:x86

b67ebed0e731cded55fd8c523b49fa46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProfileStringA
SetFileTime
SystemTimeToFileTime
GetSystemTime
ExpandEnvironmentStringsA
GetLocalTime
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
GetFileTime
GetSystemDirectoryA
MoveFileA
DeleteFileA
DuplicateHandle
CopyFileA
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
WriteFile
DisconnectNamedPipe
WriteProfileStringA
CreateProcessA
CreatePipe
Process32Next
Process32First
CreateToolhelp32Snapshot
PeekNamedPipe
SetFilePointer
GetCurrentProcessId
Sleep
CreateEventA
WaitForMultipleObjects
CreateFileA
GetFileSize
ReadFile
GetCurrentProcess
GetLastError
InitializeCriticalSection
CloseHandle
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetTickCount
DeleteCriticalSection
OpenProcess

advapi32

RegCloseKey
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

??3@YAXPAX@Z
_purecall
strncpy
strstr
sprintf
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
_beginthreadex
atoi
strrchr
localtime
fclose
fprintf
fopen
_vsnprintf
_access
fwrite
rand
srand
time
fread
ftell
fseek
fgets
_iob
free
malloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strlwr

ws2_32

closesocket
connect
gethostbyname
htons
inet_addr
socket
recv
select
send
setsockopt
WSAStartup
shutdown

iphlpapi

GetAdaptersInfo

Exports

Exports

MyStart

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b67ebed0e731cded55fd8c523b49fa46

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB