c8d2ac981be6bbd200b44e2e3915891270ab9f2fd034bcc9ab6872b70ad70bd6

Sharing

Copy URL Twitter E-mail

General

Target

c8d2ac981be6bbd200b44e2e3915891270ab9f2fd034bcc9ab6872b70ad70bd6
Size

828KB
MD5

0636be4395e1e4226784b0be13a74d18
SHA1

6661b46cf446f58509a75d719806f09981523c37
SHA256

c8d2ac981be6bbd200b44e2e3915891270ab9f2fd034bcc9ab6872b70ad70bd6
SHA512

52c7e7bfbc43f77bc591367c21c79e460a1ef103637f61b9a8bec735f5888d6735c9231ff53ea28e6b8168f3955a1914a14c046469c38a5429773583eb695fc0
SSDEEP

12288:CRbi46X9kR5EB6pxIM85b24q8FFY7B7H2mvj9ZA9wXVRH09t40iSjoSI:CYBs8FFY7BxJZAaXX03LjoSI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d2ac981be6bbd200b44e2e3915891270ab9f2fd034bcc9ab6872b70ad70bd6

Files

c8d2ac981be6bbd200b44e2e3915891270ab9f2fd034bcc9ab6872b70ad70bd6
.dll windows:4 windows x86 arch:x86

ff56dae809f37fab565caf15ebb00dca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDiskFreeSpaceExW
CopyFileW
FileTimeToSystemTime
GetProcessTimes
GetExitCodeProcess
OpenMutexW
CreateMutexW
TerminateProcess
FreeLibrary
LoadLibraryExW
GetFileTime
GetComputerNameW
ReleaseSemaphore
CreateEventA
CreateSemaphoreA
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
CreateFileW
GetFileSize
WaitForSingleObject
GetComputerNameA
QueryPerformanceCounter
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateDirectoryA
GetFileAttributesExA
GetFileAttributesExW
GetVolumeInformationW
QueryDosDeviceA
DeviceIoControl
ReadFile
GetTickCount
Sleep
MoveFileA
CopyFileA
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
MoveFileExW
DeleteFileW
GetFileAttributesA
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
MoveFileExA
DeleteFileA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryA
GetModuleHandleW
CreateFileA
GetFileInformationByHandle
CloseHandle
GetCurrentProcessId
GetLastError
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryA
SetEvent
GetModuleFileNameA
LocalAlloc
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
QueryDosDeviceW
GetLogicalDrives
GetDriveTypeW
GetDriveTypeA
AllocConsole
WriteConsoleA
FreeConsole
OutputDebugStringW
VirtualQueryEx
InterlockedExchangeAdd
InterlockedCompareExchange
CreateProcessA
ReadProcessMemory
GetThreadPriority
GetPriorityClass
SetEndOfFile
SetPriorityClass
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
InterlockedDecrement
lstrlenA
InterlockedIncrement
FormatMessageA
LoadResource
FindResourceExA
GetACP
lstrlenW
FormatMessageW
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
InterlockedExchange
CreateMutexA
ReleaseMutex
PulseEvent
ResetEvent
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
SuspendThread
GetExitCodeThread
IsBadReadPtr
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
CancelIo
OpenEventA
OpenMutexA
OpenSemaphoreA
LoadLibraryW
ExpandEnvironmentStringsA
SetLastError
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
MoveFileW
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
RaiseException
ExitProcess
FatalAppExitA
GetCPInfo
GetOEMCP
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
LCMapStringA
LCMapStringW
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadWritePtr
IsBadCodePtr
UnhandledExceptionFilter
SetFilePointer
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler

user32

GetDesktopWindow
GetWindowTextA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
FindWindowExA
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
CloseWindowStation
EnumChildWindows
OpenWindowStationA
GetUserObjectInformationW
MessageBoxA
MessageBoxW
SendMessageTimeoutA
EnumDesktopWindows
IsWindowVisible
GetWindowTextW
GetWindowLongA
MsgWaitForMultipleObjects
PostThreadMessageA
PostMessageA
GetSystemMetrics
GetParent
SetProcessWindowStation
GetMessageA
PeekMessageA
SetForegroundWindow
TranslateMessage
DispatchMessageA
AttachThreadInput
ShowWindow
SetWindowPos
EnumWindows

advapi32

RegConnectRegistryA
RegCreateKeyExA
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
GetFileSecurityW
SetFileSecurityW
GetFileSecurityA
AllocateAndInitializeSid
EqualSid
FreeSid
SetFileSecurityA
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyW
RegCreateKeyExW
RegSetKeySecurity
LookupAccountSidW
RegOpenKeyW
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegOpenKeyExA

oleaut32

SystemTimeToVariantTime

ws2_32

WSAStartup
WSACleanup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
ntohs
ntohl
getpeername
getsockname
getsockopt
send
recv
sendto
recvfrom
WSAGetLastError

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdi32

DeleteDC
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject

Exports

Exports

OFCDoFunc
OFCInit
OFCIsServerStart
OFCUnInit
OFFreeReply
OFSGetReq
OFSNotifyReply
OFSRunServer
OFSSetReqAndWaitReply
OFSWaitNotifyReq

Sections

.text
Size: 620KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff56dae809f37fab565caf15ebb00dca

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

version

gdi32

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 617KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 84KB - Virtual size: 125KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 620KB - Virtual size: 617KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 84KB - Virtual size: 125KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB