8b0406f8ab66870f06b77fca4bc7670479795b7c2a1953c6e040276632b0df68

Sharing

Copy URL Twitter E-mail

General

Target

8b0406f8ab66870f06b77fca4bc7670479795b7c2a1953c6e040276632b0df68
Size

544KB
MD5

a0cf20221d459aa02124535976e4a883
SHA1

cdf272fb9c440de9f69d7cc8d839666bc8fda1b7
SHA256

8b0406f8ab66870f06b77fca4bc7670479795b7c2a1953c6e040276632b0df68
SHA512

bd890ed91e43fdf802f6abc7836cf1af974fed31d9b544b6df2ac498aa1a35b3da5b75a864484d05cd826086a139e6eaecebb2871892b87762d074ce0c803911
SSDEEP

3072:ev2cYEzOJyhKkb8pEDqA2vLeXtO6Ot5O6H9SRuJ1:i2cYEzioqA2vLevOt5O6H0RM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b0406f8ab66870f06b77fca4bc7670479795b7c2a1953c6e040276632b0df68

Files

8b0406f8ab66870f06b77fca4bc7670479795b7c2a1953c6e040276632b0df68
.dll windows:5 windows x86 arch:x86

6754cbaa64e5e72e4101dd357a615690

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

getenv
memcpy
realloc
_localtime64
printf
setvbuf
_ftime64
_findfirst64i32
fflush
_difftime64
strftime
vsprintf
??2@YAPAXI@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
__CxxFrameHandler3
sprintf_s
fgets
_fstat64i32
calloc
atof
rewind
perror
ferror
putc
getc
feof
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
atol
strrchr
strstr
strchr
_getpid
srand
rand
_access
_errno
_time64
memset
strncpy
?_open@@YAHPBDHH@Z
_read
_close
__iob_func
exit
strncmp
malloc
atoi
fopen
fprintf
fclose
_unlink
sprintf
fread
free
_tempnam
_fileno
_mkdir
_strdup
_CxxThrowException

kernel32

LocalFree
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetLastError
InterlockedDecrement
FormatMessageA
lstrlenA
LocalAlloc

ole32

CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SysFreeString
VariantCopy
VariantInit
VariantClear
GetErrorInfo
SysAllocString

libcurl

curl_easy_setopt
curl_easy_init
curl_easy_strerror
curl_easy_cleanup
curl_slist_free_all
curl_easy_perform
curl_slist_append

Exports

Exports

?Custom@@YAXPADPAPAD@Z
?Free@@YAXXZ

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 443KB - Virtual size: 641KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6754cbaa64e5e72e4101dd357a615690

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

kernel32

ole32

oleaut32

libcurl

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 443KB - Virtual size: 641KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 443KB - Virtual size: 641KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 14KB - Virtual size: 14KB