78a20e644f593acb71d94be96ed1e3a9ba7515be2c50aef844277a9e5c03637a

Sharing

Copy URL

Twitter E-mail

General

Target

78a20e644f593acb71d94be96ed1e3a9ba7515be2c50aef844277a9e5c03637a
Size

195KB
MD5

718481c044540b8c579300be9b69b6e5
SHA1

3ea13fd50f7230dc670b059b2944f02b57572cf0
SHA256

78a20e644f593acb71d94be96ed1e3a9ba7515be2c50aef844277a9e5c03637a
SHA512

54ef89f5843b9d7d6c85825728f603888f880b16a7b99ef642cfc031966c2eb6b7ba486d69ef814fd6322f5b3ce6f7c41204d22e24e761924cf3ecf56376da06
SSDEEP

6144:E71G5+XwrI/vA3TH1hSeBWcE/sYoRTeIohyF/5Sz:E7gk/vAbqRoRBoU5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78a20e644f593acb71d94be96ed1e3a9ba7515be2c50aef844277a9e5c03637a

Files

78a20e644f593acb71d94be96ed1e3a9ba7515be2c50aef844277a9e5c03637a
.dll windows:6 windows x64 arch:x64

8152fb095d80fec526a7172977df9283

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ProcessIdToSessionId
CreateProcessA
GetStartupInfoA
CreateThread
ExitThread
WaitForMultipleObjects
GetStdHandle
ReadFile
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
GetSystemDirectoryA
WriteConsoleInputA
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleActiveScreenBuffer
SetConsoleScreenBufferSize
SetConsoleCursorPosition
AllocConsole
FreeConsole
CreateConsoleScreenBuffer
GetTempPathA
CreateFileW
ReadConsoleW
WriteConsoleW
LocalFree
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
SetFileAttributesA
lstrcpynA
FindClose
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
MoveFileExA
MoveFileA
DeleteFileA
CreateFileA
GetWindowsDirectoryA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
CreateEventA
lstrcatA
lstrcpyA
lstrcmpiA
CloseHandle
SetFilePointer
WideCharToMultiByte
Sleep
WaitForSingleObject
SetErrorMode
GetLastError
TerminateThread
GetCurrentThreadId
TerminateProcess
ExitProcess
GetCurrentProcessId
GetCurrentProcess
lstrlenA
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
GetProcAddress
FreeLibrary
SetStdHandle
HeapSize
FlushFileBuffers
RaiseException
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
DeleteCriticalSection
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WriteFile
GetCurrentDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
ResumeThread
EncodePointer
DecodePointer
LoadLibraryExW
GetSystemTimeAsFileTime
RtlUnwindEx
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetModuleHandleExW
GetModuleFileNameW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
SetEnvironmentVariableA

user32

wsprintfA
MapVirtualKeyA

advapi32

RegisterServiceCtrlHandlerW
GetTokenInformation
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusExA
DeleteService
ControlService
CloseServiceHandle
RegSetValueExA
RegSetKeySecurity
RegSaveKeyA
RegRestoreKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegGetKeySecurity
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserA
ImpersonateLoggedOnUser
LookupPrivilegeValueA
LookupAccountSidA
SetKernelObjectSecurity
MakeAbsoluteSD
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
DeleteAce
GetAclInformation
AdjustTokenPrivileges
OpenProcessToken
GetKernelObjectSecurity

shell32

ShellExecuteA
CommandLineToArgvW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

ws2_32

select
recv
listen
inet_ntoa
inet_addr
htons
ioctlsocket
closesocket
bind
accept
send
gethostbyname
gethostname
WSAStartup
socket
shutdown

shlwapi

StrCmpNIA
SHDeleteKeyA
PathFileExistsA

wininet

HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle
InternetGetConnectedState
HttpQueryInfoA
InternetConnectA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

Run
ServiceMain
StartMain

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8152fb095d80fec526a7172977df9283

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

wininet

psapi

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB