43c398df7cdfa7c8f173190abcdbacc7ed347749d26b0aa21c8377fd48c336e8

Sharing

Copy URL Twitter E-mail

General

Target

43c398df7cdfa7c8f173190abcdbacc7ed347749d26b0aa21c8377fd48c336e8
Size

40KB
MD5

48840fc026bacc1798304ebc8dc3083c
SHA1

bec85f42a9673eb96807bb3925d1a890ad2eeb15
SHA256

43c398df7cdfa7c8f173190abcdbacc7ed347749d26b0aa21c8377fd48c336e8
SHA512

33a9059ae73047187804effd9894508a49bb014c7764f00657cf06d0aae90f9276331a6a05898c588bba8a49fcb4b150f6d6bd74a89d2606365bdc8523170dc7
SSDEEP

384:373K55TqZLHOQ0GaAqZ5Mr2yxA+cWbMqCUUg+6wSC2vIpoBC8VUhVwIo:r4sNuiRj23+JTApoBCfkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43c398df7cdfa7c8f173190abcdbacc7ed347749d26b0aa21c8377fd48c336e8

Files

43c398df7cdfa7c8f173190abcdbacc7ed347749d26b0aa21c8377fd48c336e8
.dll regsvr32 windows:4 windows x86 arch:x86

c89f00045e0af190ecdd9a87366105a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAStartup
socket
gethostname
gethostbyname
htons
inet_addr
sendto
WSACleanup
ntohs
ntohl

kernel32

SetEvent
CreateThread
CreateFileA
CreateDirectoryA
GetSystemDirectoryA
TlsGetValue
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
TlsAlloc
InitializeCriticalSection
GetTickCount
TlsFree
DeleteCriticalSection
WaitForMultipleObjects
DeviceIoControl
GetLastError
CreateEventA
WaitForSingleObject
CloseHandle

msvcrt

_makepath
_splitpath
free
fopen
strcat
__CxxFrameHandler
__dllonexit
_onexit
_initterm
_adjust_fdiv
atoi
strstr
_filelength
_close
remove
_errno
time
rename
fclose
strncat
strrchr
_vsnprintf
_iob
fprintf
fwrite
fflush
_snprintf
toupper
strcpy
memcpy
strlen
??3@YAXPAX@Z
strcmp
??2@YAPAXI@Z
strncpy
memset
malloc
_strdup

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegOpenKeyExA
GetUserNameA

Exports

Exports

DllRegisterServer
DllUnregisterServer
SFS_Cleanup
SFS_GetNetBIOSNameByAddr
SFS_HostLookupResponse
SFS_Init
SFS_SetFilterMode
SFS_SetIVEAddress
SFS_SetNetBiosSupport

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c89f00045e0af190ecdd9a87366105a7

Headers

File Characteristics

Imports

wsock32

kernel32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB