2cbe94269b492be8781711a9c2171b0bb8b1376622f33ecba66d12d5a2a40170

Sharing

Copy URL Twitter E-mail

General

Target

2cbe94269b492be8781711a9c2171b0bb8b1376622f33ecba66d12d5a2a40170
Size

196KB
MD5

d81974b7dbdc889fb035490ab24b6587
SHA1

a45b1a719ea7e6cd0a87bfb7a02244e6ff97e1dc
SHA256

2cbe94269b492be8781711a9c2171b0bb8b1376622f33ecba66d12d5a2a40170
SHA512

7b15d0001f8371e4d7bae4cfe72c5ad9cfbe0f8cc51b3c3ec7b4cd10f2cb6042206deacdf06250e7f28fc8e155ec114fa3084610d29071ac891497579dca4d3b
SSDEEP

3072:GumT9kaZrJKYLwH+aiBIeCmti8vDbLFPswWgnyiPq39Aqo6mVZyot:GlTiapotqBIeh0yLFPswjyiPqwGo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cbe94269b492be8781711a9c2171b0bb8b1376622f33ecba66d12d5a2a40170

Files

2cbe94269b492be8781711a9c2171b0bb8b1376622f33ecba66d12d5a2a40170
.dll windows:4 windows x86 arch:x86

f955d55ee7a390a338538f9ad717876f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyaddr
WSAStartup
inet_addr
socket
gethostbyname
htons
WSACleanup
connect
closesocket
recv
send
WSAGetLastError

kernel32

LeaveCriticalSection
ExitProcess
CompareStringA
FlushFileBuffers
CompareStringW
RaiseException
IsBadCodePtr
LoadLibraryA
SetUnhandledExceptionFilter
IsBadWritePtr
ReleaseMutex
Sleep
WaitForSingleObject
CloseHandle
CreateMutexA
GetFullPathNameA
GetFileAttributesA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateFileA
WriteFile
SetFilePointer
ReadFile
DeleteFileA
SetEndOfFile
GetLastError
GetLocalTime
TlsGetValue
VirtualAlloc
GetStringTypeW
GetStringTypeA
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
SetEnvironmentVariableA
GetFileType
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
HeapReAlloc
IsBadReadPtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
FreeEnvironmentStringsA
GetProcAddress
GetModuleHandleA
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
SetStdHandle

user32

DdeCreateStringHandleA
DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize

Exports

Exports

_Java_TC1Interface_EditTimeReq@12
_Java_TC1Interface_clockIn@12
_Java_TC1Interface_getTimeCard@16

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f955d55ee7a390a338538f9ad717876f

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 28KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 28KB

.reloc
Size: 12KB - Virtual size: 8KB