e66818dfb9c2a5762b5c9e633026e2431018c16eb47884f6f089508e80e8e9ba

General

Target

e66818dfb9c2a5762b5c9e633026e2431018c16eb47884f6f089508e80e8e9ba
Size

28KB
MD5

81b7950006f4f5085d1691a3c5c09d88
SHA1

cf93e9dd26773e05282a884133570abb64f21b06
SHA256

e66818dfb9c2a5762b5c9e633026e2431018c16eb47884f6f089508e80e8e9ba
SHA512

4d46570131caa09093a17374cc302cbd9512aed233d1ade992170f2a57b82566262f43d02dd183e161b4f12b9aff425719b6f9ae1095e7056af2bfa6be20fb39
SSDEEP

384:6B0wjhgvb6E0IXBBy//Zcf2e9Rg3G8vzHI9Q:6BbjhzE1OpI2eQG8vzH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e66818dfb9c2a5762b5c9e633026e2431018c16eb47884f6f089508e80e8e9ba

Files

e66818dfb9c2a5762b5c9e633026e2431018c16eb47884f6f089508e80e8e9ba
.dll windows:4 windows x86 arch:x86

48d83c90127dce41ef9bc5c71f26fbee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord354
ord5186
ord665
ord6385
ord1979
ord5572
ord2915
ord823
ord825
ord858
ord860
ord540
ord537
ord535
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
fwrite
_vsnprintf
fopen
_strtime
_strdate
fprintf
wcstombs
strncpy
fclose
_iob
strchr
rand
sprintf
__CxxFrameHandler
time
srand
atoi
strstr
_beginthreadex
_strlwr

kernel32

GetProcAddress
Process32First
GetExitCodeThread
OpenProcess
Process32Next
GetLastError
GetProcessHeap
HeapAlloc
Sleep
FreeConsole
ExpandEnvironmentStringsA
CloseHandle
WaitForSingleObject
GetCurrentProcess
LocalFree
LoadLibraryA
CreateProcessA
DeleteFileA
CreateThread
HeapFree

user32

MessageBoxA

advapi32

LookupPrivilegeValueA
SetServiceStatus
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
ConvertSidToStringSidA
EqualSid
GetTokenInformation
RegisterServiceCtrlHandlerA

wininet

InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetCloseHandle

Exports

Exports

ComeOn
ServiceMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d83c90127dce41ef9bc5c71f26fbee

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 944B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 944B