9f1fef88c8280f937de5e48226581b65cd2a2dafa284644053c89e7d425bc6a8

Sharing

Copy URL Twitter E-mail

General

Target

9f1fef88c8280f937de5e48226581b65cd2a2dafa284644053c89e7d425bc6a8
Size

111KB
MD5

61e4bb0b7ea1d527ed1def16fae7f290
SHA1

c81de9a27f7e8890d30bd9f7ec0f705029b74170
SHA256

9f1fef88c8280f937de5e48226581b65cd2a2dafa284644053c89e7d425bc6a8
SHA512

1acc95364af4865a8d34a949bec4e355018fbb82274ef6f8dcab5830d280187ded99b46c86ed44649655107f83dfd1fcbeb45f428dc5d174794f61eed933733b
SSDEEP

3072:Tnexl80KxB/iBvRR9akT5TjiWNVli1kv6E:Le87xB6vimy1kv6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f1fef88c8280f937de5e48226581b65cd2a2dafa284644053c89e7d425bc6a8

Files

9f1fef88c8280f937de5e48226581b65cd2a2dafa284644053c89e7d425bc6a8
.dll windows:4 windows x64 arch:x64

bac74d7f49968000e2cd67a39ffc0c76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreatePipe
GetEnvironmentVariableA
DeleteFileA
SetFileAttributesA
GlobalMemoryStatusEx
OutputDebugStringA
GetCurrentThread
GetModuleFileNameA
DuplicateHandle
ResumeThread
VirtualAlloc
VirtualProtect
CreateProcessA
ReadFile
FindNextFileA
LoadLibraryA
FreeLibrary
Sleep
IsBadReadPtr
GetVersionExA
GetSystemInfo
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcess
LocalFree
GlobalAlloc
GlobalFree
CreateThread
WaitForSingleObject
GetSystemDirectoryA
GetTickCount
WriteFile
SetFilePointer
GetLastError
FindFirstFileA
FindClose
GetModuleHandleA
GetProcAddress
CreateFileA
GetModuleHandleW
SetLastError
VirtualQuery
LoadLibraryExA
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FlushInstructionCache
DeviceIoControl
CloseHandle
lstrlenA
MultiByteToWideChar
__C_specific_handler
SetThreadContext
GetThreadContext
VirtualFree
SuspendThread
VirtualProtectEx
VirtualQueryEx
LeaveCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

user32

LoadCursorA
GetSystemMetrics
RegisterClassA
CreateWindowExA
DefWindowProcA
KillTimer
CharLowerBuffA
SetTimer
TranslateMessage
DispatchMessageA
GetMessageA
LoadIconA
PostMessageA

advapi32

OpenProcessToken
GetTokenInformation
RegCreateKeyExA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetAclInformation
GetAce
IsValidSid
GetSecurityDescriptorDacl
GetFileSecurityA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupAccountSidA

ole32

CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

msvcrt

_strcmpi
_onexit
__dllonexit
_initterm
sprintf
sscanf
fopen
fgets
fclose
atoi
_stricmp
toupper
strtok
strcat
strncmp
_snprintf
strncpy
strcpy
malloc
free
memcpy
_strnicmp
??2@YAPEAX_K@Z
strstr
strlen
??3@YAXPEAX@Z
_CxxThrowException
strcmp
printf
srand
rand
time
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
_vsnprintf

opends60

ord26
ord25
ord40
ord41
ord42

ws2_32

getpeername
WSAAsyncSelect
WSAStartup
WSAEventSelect
ioctlsocket
socket
select
__WSAFDIsSet
recv
send
WSAGetLastError
WSASetLastError
setsockopt
gethostname
gethostbyname
inet_ntoa
WSASocketA
htons
inet_addr
ntohs
WSAAsyncGetHostByName
connect
closesocket
bind
htonl
ntohl
WSASendTo
WSASend
getsockname
WSARecv
WSARecvFrom
WSACleanup
shutdown
WSAAccept
listen
WSAIoctl

wininet

InternetConnectA
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA

gdi32

GetStockObject

Exports

Exports

sql_ep_door

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac74d7f49968000e2cd67a39ffc0c76

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

opends60

ws2_32

wininet

gdi32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 13KB

.pdata Size: 3KB - Virtual size: 3KB

.detourd Size: 512B - Virtual size: 24B

.detourc Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 13KB

.pdata
Size: 3KB - Virtual size: 3KB

.detourd
Size: 512B - Virtual size: 24B

.detourc
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1KB - Virtual size: 1KB