ae90dd0b3d80730a45d9b32d31664fcab384e5a345dbf224593fc888dcaac34c

Sharing

Copy URL

Twitter E-mail

General

Target

ae90dd0b3d80730a45d9b32d31664fcab384e5a345dbf224593fc888dcaac34c
Size

39KB
MD5

27bdfbe49d7a6f0609fd786e8ad9fff2
SHA1

2b12d03b0ab0aa8ad57d3aa8cdec25839977d81e
SHA256

ae90dd0b3d80730a45d9b32d31664fcab384e5a345dbf224593fc888dcaac34c
SHA512

aab47f7132f0510c07ef07ee8862dd11ec38edd9176ee67d36fbffffbabcdfe36bd972059da89bf6a9149f3e9af27084f0277e7e9fc3a9fb9f6458891aab8644
SSDEEP

768:WSfn/6vZQshffrscpKLRT8dggyifSW/VME8GdaXGiGyE:WSqfDscsgsW/VjtaXGiGyE

Score

1^/10

Malware Config

Signatures

Files

ae90dd0b3d80730a45d9b32d31664fcab384e5a345dbf224593fc888dcaac34c
.dll windows:4 windows x86 arch:x86

1a5679ee3352be6e42488b3d0d957b29

Code Sign

04:43:a6:c2:3b:a1:71:43:be:db:af:55:05:35:62:3c
Certificate

Issuer

CN=Microsoft Corporation

Not Before

31-12-2004 16:00

Not After

31-12-2017 16:00

Subject

CN=Microsoft Corporation

e7:dc:23:a4:9e:03:b8:5f:9a:b4:47:af:85:15:3b:90:ed:66:e0:1f
Signer

Actual PE Digest

e7:dc:23:a4:9e:03:b8:5f:9a:b4:47:af:85:15:3b:90:ed:66:e0:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
CloseEventLog
ReadEventLogA
GetOldestEventLogRecord
OpenEventLogA

user32

TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
PostQuitMessage
DefWindowProcA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DispatchMessageA

gdi32

GetStockObject

msvcrt

??3@YAXPAX@Z
localtime
__CxxFrameHandler
fclose
fprintf
fopen
sprintf
_access
fwrite
rand
srand
time
fread
ftell
fseek
fgets
_iob
_purecall
_CxxThrowException
free
malloc
strncmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
atoi
_beginthreadex
??2@YAPAXI@Z
strstr
strncpy
wcstombs
_vsnprintf
strrchr
_strlwr

ws2_32

shutdown
closesocket
connect
gethostbyname
htons
inet_addr
socket
WSAGetLastError
send
recv
WSAStartup
select

iphlpapi

GetAdaptersInfo

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

kernel32

LeaveCriticalSection
GetLastError
SetFilePointer
EnterCriticalSection
GetProcAddress
GlobalAlloc
FreeConsole
Sleep
LoadLibraryA

Exports

Exports

ServiceMain
Start

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a5679ee3352be6e42488b3d0d957b29

Code Sign

04:43:a6:c2:3b:a1:71:43:be:db:af:55:05:35:62:3cCertificate

e7:dc:23:a4:9e:03:b8:5f:9a:b4:47:af:85:15:3b:90:ed:66:e0:1fSigner

Headers

File Characteristics

Imports

advapi32

user32

gdi32

msvcrt

ws2_32

iphlpapi

msvcp60

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

04:43:a6:c2:3b:a1:71:43:be:db:af:55:05:35:62:3c
Certificate

e7:dc:23:a4:9e:03:b8:5f:9a:b4:47:af:85:15:3b:90:ed:66:e0:1f
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB