739da6117c75cc61c62bc87e149c9aa91e2b4d1d842d7c3ab7fb30a7a498a6ee

Sharing

Copy URL

Twitter E-mail

General

Target

739da6117c75cc61c62bc87e149c9aa91e2b4d1d842d7c3ab7fb30a7a498a6ee
Size

70KB
MD5

0d4d6b3a44ba79fcc5209a05f54b5c19
SHA1

d0e3b6c0433d256779c4efe8b018d20161944219
SHA256

739da6117c75cc61c62bc87e149c9aa91e2b4d1d842d7c3ab7fb30a7a498a6ee
SHA512

c31c801b0e267ad4e2a1cdee5956be87d9e726601fb1640294ee61958973c8095fce98cbfde15064ea9fe91c4862a31a4a74ca2b60a0f76d62071cefeb27d63c
SSDEEP

1536:N1DNRG97zFFsqrsYZB1atTrFZC2Re+IwM3VJejesap:7DuJpF33H18oTpsSsap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
739da6117c75cc61c62bc87e149c9aa91e2b4d1d842d7c3ab7fb30a7a498a6ee

Files

739da6117c75cc61c62bc87e149c9aa91e2b4d1d842d7c3ab7fb30a7a498a6ee
.dll windows:4 windows x86 arch:x86

65ab8312656177202b4410ce3a5cdbb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue
RegCloseKey
RegSetValueExA
RegOpenKeyExA
CloseEventLog
ReadEventLogA
GetOldestEventLogRecord
OpenEventLogA

ws2_32

closesocket
WSAGetLastError
send
recv
select
socket
inet_addr
htons
gethostbyname
connect
WSAStartup
shutdown

iphlpapi

GetAdaptersInfo

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
CloseHandle
GetLastError
GetCurrentProcess
ReadFile
GetFileSize
CreateFileA
WaitForMultipleObjects
CreateEventA
Sleep
GetProfileStringA
SetFileTime
SystemTimeToFileTime
GetSystemTime
ExpandEnvironmentStringsA
GetModuleFileNameA
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
InitializeCriticalSection
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
GetFileTime
GetSystemDirectoryA
MoveFileA
DeleteFileA
DuplicateHandle
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
WriteFile
DisconnectNamedPipe
WriteProfileStringA
CreateProcessA
CreatePipe
Process32Next
Process32First
CreateToolhelp32Snapshot
PeekNamedPipe
SetFilePointer
WaitForSingleObject
GetTickCount
GetCurrentProcessId
DeleteCriticalSection
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
RtlUnwind
GetFileAttributesA
GetTimeZoneInformation
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
TlsGetValue
UnhandledExceptionFilter
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP

Exports

Exports

MyStart

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65ab8312656177202b4410ce3a5cdbb1

Headers

File Characteristics

Imports

advapi32

ws2_32

iphlpapi

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 13KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 13KB

.reloc
Size: 5KB - Virtual size: 5KB