b48c742f0ab6fea55116f2f1fecf541985d989d687b598d61b2e617e1e40be2f

Sharing

Copy URL

Twitter E-mail

General

Target

b48c742f0ab6fea55116f2f1fecf541985d989d687b598d61b2e617e1e40be2f
Size

88KB
MD5

37fcf8096f61fc17f15c86b5b1f05869
SHA1

85ddfd5de498f2a05edb624680c54bd35eac3a07
SHA256

b48c742f0ab6fea55116f2f1fecf541985d989d687b598d61b2e617e1e40be2f
SHA512

3ec6ea538cf3cab878ba73490722fa94931627434b546cec05e76fdb3ae06ce91da7a9627638061f7b1dee26d102127df35ed82220b59e6c2c01cf9ac6afe802
SSDEEP

1536:vkgE46e6ILiE2G/5Cwh827LCHxZItFkPywrL0ltBTEf:sg6IWGxZqIVwrL0ltBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b48c742f0ab6fea55116f2f1fecf541985d989d687b598d61b2e617e1e40be2f

Files

b48c742f0ab6fea55116f2f1fecf541985d989d687b598d61b2e617e1e40be2f
.dll windows:4 windows x86 arch:x86

de98b56abd5799ef7af3e466d278083e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN_Work\i-SaferPro\trunk\Source\tools\ComProject\ComC\release\ComC.pdb

Imports

libcurl

curl_easy_perform
curl_easy_cleanup
curl_formadd
curl_easy_setopt
curl_easy_init
curl_global_cleanup
curl_global_init
curl_easy_getinfo
curl_easy_strerror
curl_formfree

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

kernel32

TlsFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapSize
GetLastError
HeapReAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetEndOfFile
ReadFile

Exports

Exports

CallCom
CallComCtx
CallSNCom
ClearBuffer
ClearCtx
InitCom
InitComCtx
Test
URLEncode
URLEncodeANSI

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de98b56abd5799ef7af3e466d278083e

Headers

File Characteristics

PDB Paths

Imports

libcurl

iphlpapi

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB