b450c5f5ddf13bea0760d9acdd8c5f5077ab7a3737c1786332ddce262c9e8799

Sharing

Copy URL Twitter E-mail

General

Target

b450c5f5ddf13bea0760d9acdd8c5f5077ab7a3737c1786332ddce262c9e8799
Size

292KB
MD5

d9cdcd759d5700c9b28d0c239a3af810
SHA1

a26227ba820b920d699c6b45323d07a2ad95deb8
SHA256

b450c5f5ddf13bea0760d9acdd8c5f5077ab7a3737c1786332ddce262c9e8799
SHA512

a14af1c99c6c36ad6b157aba40468585388f55e6ed43a89675af47406ba98438db123f3aca33753633f0e986a5dcfad59006fbe9665e6ba3cc7c08e15712129c
SSDEEP

6144:LmKFrMVCNocNNreJb0/FkBV+UdvrEFp7hK6DC:LrKyhNX/FkBjvrEH7DDC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b450c5f5ddf13bea0760d9acdd8c5f5077ab7a3737c1786332ddce262c9e8799

Files

b450c5f5ddf13bea0760d9acdd8c5f5077ab7a3737c1786332ddce262c9e8799
.dll windows:4 windows x86 arch:x86

00dbf6f7b220f25ff637c1dcbaa474ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\mydev\inno-download-plugin\ansi\idp.pdb

Imports

wininet

InternetQueryOptionA
HttpSendRequestA
FtpGetFileSize
InternetErrorDlg
HttpOpenRequestA
InternetCrackUrlA
FtpOpenFileA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
FtpSetCurrentDirectoryA
InternetFindNextFileA
InternetSetOptionA
FtpFindFirstFileA

user32

GetWindowRect
GetParent
GetDC
SetWindowLongA
MessageBoxA
GetWindowLongA
ReleaseDC
RedrawWindow
GetDesktopWindow
PostMessageA
MapWindowPoints
EnableWindow
MoveWindow
LoadIconA
MessageBeep
SendMessageA
GetDlgItem
EndDialog
ShowWindow
SetWindowTextA
DialogBoxParamA
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

SelectObject
GetTextExtentPoint32A

kernel32

ReadFile
SetEndOfFile
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
CreateFileA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetOEMCP
GetACP
HeapReAlloc
VirtualAlloc
GetEnvironmentStrings
HeapFree
WaitForSingleObject
GetLastError
GetTickCount
FormatMessageA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitThread
CloseHandle
ResumeThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateDirectoryA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
HeapDestroy
HeapCreate
VirtualFree

Exports

Exports

idpAddFile
idpAddFileComp
idpAddFileSize
idpAddFileSize32
idpAddFileSizeComp
idpAddFileSizeComp32
idpAddFtpDir
idpAddFtpDirComp
idpAddMessage
idpAddMirror
idpClearFiles
idpConnectControl
idpDownloadFile
idpDownloadFiles
idpDownloadFilesComp
idpDownloadFilesCompUi
idpFileDownloaded
idpFilesCount
idpFilesDownloaded
idpFtpDirsCount
idpGetFileSize
idpGetFileSize32
idpGetFilesSize
idpGetFilesSize32
idpReportError
idpSetComponents
idpSetDetailedMode
idpSetInternalOption
idpSetLogin
idpSetProxyLogin
idpSetProxyMode
idpSetProxyName
idpStartDownload
idpStopDownload
idpTrace

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00dbf6f7b220f25ff637c1dcbaa474ae

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 10KB