bb4865430c79f45441c4c12728ac4a43b4ef5f4f61542ddc550e6097c9f5d348

Sharing

Copy URL

Twitter E-mail

General

Target

bb4865430c79f45441c4c12728ac4a43b4ef5f4f61542ddc550e6097c9f5d348
Size

292KB
MD5

6daeb3d42098a84b5a44e6b16d9f6231
SHA1

d4f012fcb61b0aa5344bfa8c942e7ee7ec90ec07
SHA256

bb4865430c79f45441c4c12728ac4a43b4ef5f4f61542ddc550e6097c9f5d348
SHA512

1827b8454a34931c439150a95814501db66a7877da8ea2a98749872e878c1f8e0d9a94c809ca8e68df06ba947b96dfa801def30150ff8154ba2b0206b976ab2a
SSDEEP

6144:TsKFrMaCNoD5NNreJb0/FkBV+UdvrEFp7hKpGI:lKX+5NX/FkBjvrEH7GGI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb4865430c79f45441c4c12728ac4a43b4ef5f4f61542ddc550e6097c9f5d348

Files

bb4865430c79f45441c4c12728ac4a43b4ef5f4f61542ddc550e6097c9f5d348
.dll windows:4 windows x86 arch:x86

00dbf6f7b220f25ff637c1dcbaa474ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\mydev\inno-download-plugin\ansi\idp.pdb

Imports

wininet

InternetQueryOptionA
HttpSendRequestA
FtpGetFileSize
InternetErrorDlg
HttpOpenRequestA
InternetCrackUrlA
FtpOpenFileA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
FtpSetCurrentDirectoryA
InternetFindNextFileA
InternetSetOptionA
FtpFindFirstFileA

user32

GetWindowRect
GetParent
GetDC
SetWindowLongA
MessageBoxA
GetWindowLongA
ReleaseDC
RedrawWindow
GetDesktopWindow
PostMessageA
MapWindowPoints
EnableWindow
MoveWindow
LoadIconA
MessageBeep
SendMessageA
GetDlgItem
EndDialog
ShowWindow
SetWindowTextA
DialogBoxParamA
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

SelectObject
GetTextExtentPoint32A

kernel32

ReadFile
SetEndOfFile
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
CreateFileA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetOEMCP
GetACP
HeapReAlloc
VirtualAlloc
GetEnvironmentStrings
HeapFree
WaitForSingleObject
GetLastError
GetTickCount
FormatMessageA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitThread
CloseHandle
ResumeThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateDirectoryA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
HeapDestroy
HeapCreate
VirtualFree

Exports

Exports

idpAddFile
idpAddFileComp
idpAddFileSize
idpAddFileSize32
idpAddFileSizeComp
idpAddFileSizeComp32
idpAddFtpDir
idpAddFtpDirComp
idpAddMessage
idpAddMirror
idpClearFiles
idpConnectControl
idpDownloadFile
idpDownloadFiles
idpDownloadFilesComp
idpDownloadFilesCompUi
idpFileDownloaded
idpFilesCount
idpFilesDownloaded
idpFtpDirsCount
idpGetFileSize
idpGetFileSize32
idpGetFilesSize
idpGetFilesSize32
idpReportError
idpSetComponents
idpSetDetailedMode
idpSetInternalOption
idpSetLogin
idpSetProxyLogin
idpSetProxyMode
idpSetProxyName
idpStartDownload
idpStopDownload
idpTrace

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00dbf6f7b220f25ff637c1dcbaa474ae

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 10KB