80dc75b9bcb119d596714caa2754d4f13a73601981b0e635fb93974b646240d7

Sharing

Copy URL Twitter E-mail

General

Target

80dc75b9bcb119d596714caa2754d4f13a73601981b0e635fb93974b646240d7
Size

77KB
MD5

5beade9f8191c6a9c47050d4e3771b80
SHA1

f9405dde085d8321c6f7c5c778913288346d7a27
SHA256

80dc75b9bcb119d596714caa2754d4f13a73601981b0e635fb93974b646240d7
SHA512

7cd09ae80083bc2a95a07b94011c112021d6b65402f9777ea6cb624062af3ceadc349a198ef6a0740399fb2337a2531f93af6cc9a607c261bb0c43f220594c20
SSDEEP

1536:KVlVVT64wbkdRy19ghKBwPvzgKWDvdLu:KfVp9wA2QhKBw3zgKWDvd6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80dc75b9bcb119d596714caa2754d4f13a73601981b0e635fb93974b646240d7

Files

80dc75b9bcb119d596714caa2754d4f13a73601981b0e635fb93974b646240d7
.dll windows:6 windows x86 arch:x86

9b127f828272d855c54beadf5b734b81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\PcVirus\acks\ACKS_2012\ACKS_2012\Release\hvncengine.pdb

Imports

ws2_32

recv
freeaddrinfo
socket
getaddrinfo
WSAStartup
connect
closesocket
send

wininet

InternetConnectA
InternetReadFile
InternetSetOptionExA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetQueryDataAvailable
InternetCloseHandle

kernel32

CompareStringEx
GetStringTypeW
RtlUnwind
HeapReAlloc
FreeEnvironmentStringsW
WaitForSingleObject
GetWindowsDirectoryA
Sleep
CreateProcessA
GetExitCodeThread
CloseHandle
GetVersionExA
CreateFileA
GetLastError
DeviceIoControl
GetModuleFileNameA
GetFileSize
WriteFile
ReadFile
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitOnceExecuteOnce
GetFileType
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetStdHandle
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RaiseException
GetModuleHandleW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
LCMapStringEx
OutputDebugStringW
LoadLibraryW
SetEnvironmentVariableA
GetConsoleCP
SetFilePointerEx
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
GetProcAddress
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedIncrement
SetLastError
GetCommandLineA
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
InterlockedDecrement
HeapAlloc
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
HeapFree

user32

GetMonitorInfoA
MoveWindow
FindWindowA
PostMessageA
SetThreadDesktop
GetWindowLongA
IntersectRect
SetWindowLongA
GetWindowPlacement
ChildWindowFromPoint
GetDC
PtInRect
SendMessageA
GetTopWindow
GetWindowTextA
ReleaseDC
IsWindowVisible
PrintWindow
GetWindow
EnumDisplayMonitors
MapVirtualKeyW
ScreenToClient
GetWindowRect
OpenDesktopA
GetMenuItemID
RealGetWindowClassA
CreateDesktopA
EnumDisplaySettingsA
MenuItemFromPoint
WindowFromPoint

gdi32

StretchBlt
GetCurrentObject
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA

shell32

SHGetFolderPathA
SHAppBarMessage

ole32

CreateStreamOnHGlobal

gdiplus

GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage

Exports

Exports

SEEnd
SEStart

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b127f828272d855c54beadf5b734b81

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 11KB