7c6c5cab7aae2e445241237489130d80f66215f00d454c1d77d8c02fc293dadb

Sharing

Copy URL Twitter E-mail

General

Target

7c6c5cab7aae2e445241237489130d80f66215f00d454c1d77d8c02fc293dadb
Size

535KB
MD5

98d7e6debaab939608acc5eb0d83ef9b
SHA1

a0e0a26b9ff761360e2861b4a8ed893482e8495b
SHA256

7c6c5cab7aae2e445241237489130d80f66215f00d454c1d77d8c02fc293dadb
SHA512

b3a0a089dbc88ce3adfa41bcfcfe5970c4f83b65117fe41d37c12c0abd422995a47f1aa14961cfaf32209adf80c26e4be269a96bf398da7c956e61a1cdc7ae2e
SSDEEP

12288:tee8C17SrOT+OeO+OeNhBBhhBBjeI/+HzRBcckWqZxewSu/hg8:teSYqkeI/VW4xewJ/P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c6c5cab7aae2e445241237489130d80f66215f00d454c1d77d8c02fc293dadb

Files

7c6c5cab7aae2e445241237489130d80f66215f00d454c1d77d8c02fc293dadb
.dll windows:5 windows x86 arch:x86

69233bd6d781a3942350d0ec137a5084

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetStdHandle
GetTickCount
FreeLibrary
GetLastError
CloseHandle
Sleep
WriteFile
GetProfileStringA
SetEnvironmentVariableA
CompareStringW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
WideCharToMultiByte
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
ExitProcess
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
GetStringTypeW
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryW
HeapReAlloc
CreateFileW
SetEndOfFile
GetProcessHeap
InitializeCriticalSection

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus

ws2_32

select
inet_addr
htons
gethostbyname
shutdown
WSAStartup
closesocket

Exports

Exports

ServiceMain
Start

Sections

.scode
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69233bd6d781a3942350d0ec137a5084

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.scode Size: 19KB - Virtual size: 19KB

.text Size: 345KB - Virtual size: 344KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 62KB - Virtual size: 62KB

.scode
Size: 19KB - Virtual size: 19KB

.text
Size: 345KB - Virtual size: 344KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 62KB - Virtual size: 62KB