8bb251ed04c7b35131458abd31e07862808f8d797e32b5518f7fca04cfff5328

Sharing

Copy URL Twitter E-mail

General

Target

8bb251ed04c7b35131458abd31e07862808f8d797e32b5518f7fca04cfff5328
Size

31KB
MD5

024b22703ef28f6a97f89856f3ddfc7f
SHA1

e61b348ae713baeedf87fe6e0ef5cad3ed247d86
SHA256

8bb251ed04c7b35131458abd31e07862808f8d797e32b5518f7fca04cfff5328
SHA512

c43c106a95c3ac8dd45fc5e8c53499b1d6319341c559c516180b7c478abe03d44e098fa716ea0a30ffd84fd2f8cc0c055674158e35a16b2a19d694fc5ba17f4e
SSDEEP

768:gG1pWpcGwQwAgdwWyU38qHsGyxP7LyqclBuK:Fp8cG/wAc61CBuK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bb251ed04c7b35131458abd31e07862808f8d797e32b5518f7fca04cfff5328

Files

8bb251ed04c7b35131458abd31e07862808f8d797e32b5518f7fca04cfff5328
.dll windows:4 windows x86 arch:x86

b67ebed0e731cded55fd8c523b49fa46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProfileStringA
SetFileTime
SystemTimeToFileTime
GetSystemTime
ExpandEnvironmentStringsA
GetLocalTime
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
GetFileTime
GetSystemDirectoryA
MoveFileA
DeleteFileA
DuplicateHandle
CopyFileA
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
WriteFile
DisconnectNamedPipe
WriteProfileStringA
CreateProcessA
CreatePipe
Process32Next
Process32First
CreateToolhelp32Snapshot
PeekNamedPipe
SetFilePointer
GetCurrentProcessId
Sleep
CreateEventA
WaitForMultipleObjects
CreateFileA
GetFileSize
ReadFile
GetCurrentProcess
GetLastError
InitializeCriticalSection
CloseHandle
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetTickCount
DeleteCriticalSection
OpenProcess

advapi32

RegCloseKey
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

??3@YAXPAX@Z
_purecall
strncpy
strstr
sprintf
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
_beginthreadex
atoi
strrchr
localtime
fclose
fprintf
fopen
_vsnprintf
_access
fwrite
rand
srand
time
fread
ftell
fseek
fgets
_iob
free
malloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strlwr

ws2_32

closesocket
connect
gethostbyname
htons
inet_addr
socket
recv
select
send
setsockopt
WSAStartup
shutdown

iphlpapi

GetAdaptersInfo

Exports

Exports

MyStart

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b67ebed0e731cded55fd8c523b49fa46

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB