c9582cc2f38f38cee24120038a7606ae667b8b8239d3a89cdee70b46e340cb2a

Sharing

Copy URL Twitter E-mail

General

Target

c9582cc2f38f38cee24120038a7606ae667b8b8239d3a89cdee70b46e340cb2a
Size

535KB
MD5

12f48138a3644c4fb0d02bffa5a4dc20
SHA1

79db7a3fa5844afbe06dcf6c0b3a92a494755913
SHA256

c9582cc2f38f38cee24120038a7606ae667b8b8239d3a89cdee70b46e340cb2a
SHA512

1f4f9122eaac78cf5d750362dcaf6d9805b6d5952e10f496787c5268bf009deeff6324aa2938f2652761b69ce7f0609ba4ce3ee2665ebb1e9a9e9309912aa8d4
SSDEEP

12288:tee8C17SrOT+OeO+OeNhBBhhBBjeI/+HzRBcckWqZxewSu/hA8:teSYqkeI/VW4xewJ/z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9582cc2f38f38cee24120038a7606ae667b8b8239d3a89cdee70b46e340cb2a

Files

c9582cc2f38f38cee24120038a7606ae667b8b8239d3a89cdee70b46e340cb2a
.dll windows:5 windows x86 arch:x86

69233bd6d781a3942350d0ec137a5084

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetStdHandle
GetTickCount
FreeLibrary
GetLastError
CloseHandle
Sleep
WriteFile
GetProfileStringA
SetEnvironmentVariableA
CompareStringW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
WideCharToMultiByte
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
ExitProcess
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
GetStringTypeW
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryW
HeapReAlloc
CreateFileW
SetEndOfFile
GetProcessHeap
InitializeCriticalSection

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus

ws2_32

select
inet_addr
htons
gethostbyname
shutdown
WSAStartup
closesocket

Exports

Exports

ServiceMain
Start

Sections

.scode
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69233bd6d781a3942350d0ec137a5084

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.scode Size: 19KB - Virtual size: 19KB

.text Size: 345KB - Virtual size: 344KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 62KB - Virtual size: 62KB

.scode
Size: 19KB - Virtual size: 19KB

.text
Size: 345KB - Virtual size: 344KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 62KB - Virtual size: 62KB