c9228df83785b6a51509a46a87433a4d53fbff0ac814b19e244082024d0e9591

Sharing

Copy URL Twitter E-mail

General

Target

c9228df83785b6a51509a46a87433a4d53fbff0ac814b19e244082024d0e9591
Size

31KB
MD5

a9514a6ad139fc110faf17ce5b7c1dc0
SHA1

36db1a7234c0eeac18f4df2b07eecde0c8460821
SHA256

c9228df83785b6a51509a46a87433a4d53fbff0ac814b19e244082024d0e9591
SHA512

92bf367e9c0c211bb60c451bcf5ff964934960cbc8e84dfd411cde58512bf848648c9bb03e5083e6308382368747f0450eea161b9b753362e80ec81785621dd0
SSDEEP

768:gG1pWpcGwQwAgdwWyU38qHsGyxP7LyqclBup:Fp8cG/wAc61CBup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9228df83785b6a51509a46a87433a4d53fbff0ac814b19e244082024d0e9591

Files

c9228df83785b6a51509a46a87433a4d53fbff0ac814b19e244082024d0e9591
.dll windows:4 windows x86 arch:x86

b67ebed0e731cded55fd8c523b49fa46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProfileStringA
SetFileTime
SystemTimeToFileTime
GetSystemTime
ExpandEnvironmentStringsA
GetLocalTime
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
GetFileTime
GetSystemDirectoryA
MoveFileA
DeleteFileA
DuplicateHandle
CopyFileA
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
WriteFile
DisconnectNamedPipe
WriteProfileStringA
CreateProcessA
CreatePipe
Process32Next
Process32First
CreateToolhelp32Snapshot
PeekNamedPipe
SetFilePointer
GetCurrentProcessId
Sleep
CreateEventA
WaitForMultipleObjects
CreateFileA
GetFileSize
ReadFile
GetCurrentProcess
GetLastError
InitializeCriticalSection
CloseHandle
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetTickCount
DeleteCriticalSection
OpenProcess

advapi32

RegCloseKey
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

??3@YAXPAX@Z
_purecall
strncpy
strstr
sprintf
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
_beginthreadex
atoi
strrchr
localtime
fclose
fprintf
fopen
_vsnprintf
_access
fwrite
rand
srand
time
fread
ftell
fseek
fgets
_iob
free
malloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strlwr

ws2_32

closesocket
connect
gethostbyname
htons
inet_addr
socket
recv
select
send
setsockopt
WSAStartup
shutdown

iphlpapi

GetAdaptersInfo

Exports

Exports

MyStart

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b67ebed0e731cded55fd8c523b49fa46

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB