69301c671e3720a72c5d6a2ac82ec59f0cdefd2c907b3a4475987612f15d6226

General

Target

69301c671e3720a72c5d6a2ac82ec59f0cdefd2c907b3a4475987612f15d6226
Size

28KB
MD5

7fca87c8ec536545f88117b1a32def62
SHA1

dc347398c9bd3fd2e24d634af8e00af4d9c95dcc
SHA256

69301c671e3720a72c5d6a2ac82ec59f0cdefd2c907b3a4475987612f15d6226
SHA512

c97bd4076f3008570453c1e018a3e2d5ad0856a83cbd234978a65078ff0709e97d6e973dbeabbd870a99f91d3dc1c888415e5d2939e28b56e48701fd2d3dab6c
SSDEEP

384:6B0wjhgvb6E0IXBBy//Zcf2e9Rg3G8v/HI9Q:6BbjhzE1OpI2eQG8v/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69301c671e3720a72c5d6a2ac82ec59f0cdefd2c907b3a4475987612f15d6226

Files

69301c671e3720a72c5d6a2ac82ec59f0cdefd2c907b3a4475987612f15d6226
.dll windows:4 windows x86 arch:x86

48d83c90127dce41ef9bc5c71f26fbee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord354
ord5186
ord665
ord6385
ord1979
ord5572
ord2915
ord823
ord825
ord858
ord860
ord540
ord537
ord535
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
fwrite
_vsnprintf
fopen
_strtime
_strdate
fprintf
wcstombs
strncpy
fclose
_iob
strchr
rand
sprintf
__CxxFrameHandler
time
srand
atoi
strstr
_beginthreadex
_strlwr

kernel32

GetProcAddress
Process32First
GetExitCodeThread
OpenProcess
Process32Next
GetLastError
GetProcessHeap
HeapAlloc
Sleep
FreeConsole
ExpandEnvironmentStringsA
CloseHandle
WaitForSingleObject
GetCurrentProcess
LocalFree
LoadLibraryA
CreateProcessA
DeleteFileA
CreateThread
HeapFree

user32

MessageBoxA

advapi32

LookupPrivilegeValueA
SetServiceStatus
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
ConvertSidToStringSidA
EqualSid
GetTokenInformation
RegisterServiceCtrlHandlerA

wininet

InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetCloseHandle

Exports

Exports

ComeOn
ServiceMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d83c90127dce41ef9bc5c71f26fbee

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 944B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 944B