50f193a64ec821921de32a4754b6ce0e953225cab2fed360fc1352bdf4861bfc

Sharing

Copy URL

Twitter E-mail

General

Target

50f193a64ec821921de32a4754b6ce0e953225cab2fed360fc1352bdf4861bfc
Size

52KB
MD5

d3ef3ee4d99fde2e01ff65c5962280df
SHA1

6487367e3ace14e67f02a1740c55e795b0ce2345
SHA256

50f193a64ec821921de32a4754b6ce0e953225cab2fed360fc1352bdf4861bfc
SHA512

602ad97a9ff2f7ca70b307021c18327af7204aa7b41e7f309d0b1457785b799601f8c751602b89a232a37ba62731f35033a90882623c97892f4feea662c9d283
SSDEEP

768:M33rscer0a5pG54SfpB3C5zfgif/OHuLg6giyV6hTOaa:A3zUpcjn3WzfxWH6jyAhTK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50f193a64ec821921de32a4754b6ce0e953225cab2fed360fc1352bdf4861bfc

Files

50f193a64ec821921de32a4754b6ce0e953225cab2fed360fc1352bdf4861bfc
.dll windows:4 windows x86 arch:x86

a2b87a5ae6b7005292ef13dbbc0e7af2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CopyFileA
GetModuleFileNameA
CreateProcessA
ExpandEnvironmentStringsA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
DeleteFileA
GetTickCount
LocalAlloc
ReadFile
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
GetSystemInfo
GetLocalTime
LoadLibraryW
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetVersionExA
WinExec
GetFileAttributesA
CreateDirectoryA
ReleaseMutex
CreateMutexA
MoveFileExA
MoveFileA
SetFileAttributesA
DefineDosDeviceA
ExitProcess
CreateThread
GetCurrentThreadId
Process32Next
Process32First
GetSystemDirectoryA
GetFileSize
SetFilePointer
lstrlenA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
GetCurrentProcess
FindFirstFileA
FindNextFileA
GlobalLock
GlobalUnlock
VirtualFree
VirtualAlloc
lstrcmpiA

user32

EnumWindows
IsWindowVisible
SendMessageA
GetMessageA
PostThreadMessageA
GetInputState
GetWindowTextA
GetLastInputInfo
CloseClipboard
GetClipboardData
OpenClipboard
ExitWindowsEx
SetClipboardData
EmptyClipboard
wsprintfA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
GetWindow
GetClassNameA
FindWindowA
MessageBoxA

advapi32

OpenProcessToken
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
DeleteService
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
RegSetValueExA

shell32

SHChangeNotify
ShellExecuteExA
SHGetSpecialFolderPathA

ws2_32

WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send
getsockname
gethostname

msvcrt

_strupr
memset
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_beginthreadex
_except_handler3
strncmp
sprintf
strcspn
strncpy
atoi
_access
strrchr
malloc
free
realloc
strstr
strcmp
_CxxThrowException
memcmp
??2@YAPAXI@Z
_stricmp
exit
strcpy
strcat
??3@YAXPAX@Z
memcpy
_ftol
__CxxFrameHandler
strlen

setupapi

SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller

iphlpapi

GetIfTable

urlmon

URLDownloadToFileA

Exports

Exports

fuckyou

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2b87a5ae6b7005292ef13dbbc0e7af2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

msvcrt

setupapi

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB