d4421fa7779570c58884272d4d2169635edef6d47fb38f8b009b22e83ad8dd53

Sharing

Copy URL Twitter E-mail

General

Target

d4421fa7779570c58884272d4d2169635edef6d47fb38f8b009b22e83ad8dd53
Size

100KB
MD5

53e0093eebc6ab1022b06ac77203e867
SHA1

7bed65f288dfcc7c10f5a7cae7e2ab26ce098623
SHA256

d4421fa7779570c58884272d4d2169635edef6d47fb38f8b009b22e83ad8dd53
SHA512

a8b17bf39e1f87a3380876d8053dba3c42cc25779615db24da2bd3c1187199687a85508441a282ed396b2e58c1d4c8153b4cd5a304d3541a2ee7039f16bd6e02
SSDEEP

1536:y0+Uf6A8W3kIBnBWq0CfvzBSVJuUdFU70v53c7NrLVZbvwzei:yw38W3kIBnTLoJuUdFU7G3cVZkzd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4421fa7779570c58884272d4d2169635edef6d47fb38f8b009b22e83ad8dd53

Files

d4421fa7779570c58884272d4d2169635edef6d47fb38f8b009b22e83ad8dd53
.dll windows:4 windows x86 arch:x86

9ebd5dca8584d767f0a2d4d3556ea4b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord858
ord5981
ord4299
ord6880
ord6199
ord3873
ord3092
ord3089
ord2859
ord860
ord6876
ord941
ord924
ord4129
ord5572
ord2915
ord823
ord342
ord1182
ord4202
ord537
ord5953
ord3097
ord923
ord6930
ord3996
ord1008
ord940
ord3571
ord2096
ord2827
ord6784
ord533
ord6877
ord540
ord2818
ord800
ord4234
ord1641
ord2414
ord825
ord3626
ord3573
ord3663
ord1253

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
sscanf
_ftol
rename
_mbscmp
_snprintf
_itoa
_i64toa
atof
isalpha
_stricmp
__CxxFrameHandler
strstr
free
realloc
fclose
fwrite
fopen
atoi
time
localtime
mktime
_atoi64
strchr
_ui64toa
sprintf
isdigit
malloc
strncmp
_strnicmp
strrchr
strncpy
fread
fseek
_ultoa
fgets

kernel32

GetComputerNameA
ExpandEnvironmentStringsA
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
GetVersion
GetUserDefaultLangID
GetPrivateProfileStringA
SetLastError
FindNextFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
WriteFile
FlushFileBuffers
DeleteFileA
LocalAlloc
LocalFree
Sleep
GetProcAddress
LoadLibraryExA
FreeLibrary
GetLastError
CreateDirectoryA
FindClose
FindFirstFileA
CloseHandle
CreateFileA
ReadFile
GetFileSize
CopyFileA
GetPrivateProfileSectionA
LoadLibraryA

user32

IsWindow
IsIconic
GetDesktopWindow
SetDlgItemTextA
SetMenuItemInfoA
GetSubMenu
GetParent
BeginPaint
ScreenToClient
MoveWindow
LoadImageA
FindWindowA
PostMessageA
GetWindow
GetClientRect
SendMessageA
GetWindowTextA
SetWindowTextA
MessageBoxA
GetDC
ReleaseDC
GetWindowRect
PtInRect
keybd_event
GetSysColor
EndPaint

gdi32

GetObjectA
SelectObject
GetTextMetricsA
GetTextExtentPointA
CreateFontA
GetNearestColor
GetDeviceCaps
CreateSolidBrush

advapi32

RegOpenKeyA
RegOpenKeyExA
RegEnumKeyExA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegQueryValueExA

comctl32

ImageList_AddMasked

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ebd5dca8584d767f0a2d4d3556ea4b7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB