8215984c77b6a83243318351b00bceca0ab4e1d89f5b2411c971daea1a39366b

Sharing

Copy URL Twitter E-mail

General

Target

8215984c77b6a83243318351b00bceca0ab4e1d89f5b2411c971daea1a39366b
Size

18KB
MD5

b05ac388cc8697b540d354a2bc6a72c5
SHA1

4476a3c10ec085544f2f24f87cdfaa6cf77b793e
SHA256

8215984c77b6a83243318351b00bceca0ab4e1d89f5b2411c971daea1a39366b
SHA512

375f767710a1f9534931cef6c84e9d36ff63c3116bb7f75775228d8629351242d69dfa697eba32a64ba81f433e6899da8dbe0d0d704966e85ccde2acb5bd2279
SSDEEP

384:yr1IVxHlA399PsgMlDxZoagApXeM8n33QAqQ25SkVuM1t:gwitFBMVQweM8n33lqQ2RZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8215984c77b6a83243318351b00bceca0ab4e1d89f5b2411c971daea1a39366b

Files

8215984c77b6a83243318351b00bceca0ab4e1d89f5b2411c971daea1a39366b
.dll windows:5 windows x86 arch:x86

cb4b11ea4101eb4546198aacc0c7edf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwMapViewOfSection
ZwCreateSection
memcpy
RtlNtStatusToDosError
memset
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwQueueApcThread
ZwUnmapViewOfSection
ZwCreateEvent
wcschr
LdrGetProcedureAddress
swprintf
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwClose
ZwQueryVolumeInformationFile
ZwOpenFile
RtlTimeToSecondsSince1980
qsort
ZwQueryEaFile
ZwQueryDirectoryFile
RtlExitUserThread
wcstoul
ZwDeleteFile
ZwCreateFile
ZwWriteFile
ZwSetEaFile
ZwSetInformationFile
wcscpy
RtlComputeCrc32
ZwReadFile
RtlInitUnicodeString
RtlAddressInSectionTable
RtlUnwind
NtQueryVirtualMemory

kernel32

InitializeCriticalSection
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
LocalFree
LocalAlloc
Sleep
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserAPC
DisableThreadLibraryCalls
CreateThread
DeleteCriticalSection
FreeLibrary
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
VirtualAlloc
VirtualFree

advapi32

CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureW
CryptSetHashParam
CryptCreateHash
CryptReleaseContext
MD5Init
CryptGenRandom
CryptImportKey
CryptAcquireContextW
MD5Final
MD5Update

mswsock

AcceptEx

ws2_32

setsockopt
WSASend
WSARecv
WSAIoctl
listen
WSASendTo
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
bind
WSARecvFrom

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4b11ea4101eb4546198aacc0c7edf9

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

mswsock

ws2_32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB