267367508875d9e9bc552ef676cb6c8b9b1dcbaa0d61d42206d6f144c7e6ff92

Sharing

Copy URL

Twitter E-mail

General

Target

267367508875d9e9bc552ef676cb6c8b9b1dcbaa0d61d42206d6f144c7e6ff92
Size

48KB
MD5

898e198b5b03065fa251a0f057b9e62b
SHA1

2b4e4161e1e07a42dfb549be9a5f9bdb7853ad00
SHA256

267367508875d9e9bc552ef676cb6c8b9b1dcbaa0d61d42206d6f144c7e6ff92
SHA512

e6d9effd72f8c9cdc193d0e8a0f9a3188f0fdc15c4ef3096d262cedcd8710583ebc160be5a8e654c0e774fba9d091937dd8b8e77ec6cb1e2f6c9bec194113286
SSDEEP

768:SQYwUn1M0DcQD9C2j5xQ/RLUYpysP42dKOSQYPEBvM7NZtzC9iBgw5LW0:fYwUn1RcCFxuLUBOSQIEBv6NZMg6U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
267367508875d9e9bc552ef676cb6c8b9b1dcbaa0d61d42206d6f144c7e6ff92

Files

267367508875d9e9bc552ef676cb6c8b9b1dcbaa0d61d42206d6f144c7e6ff92
.dll windows:4 windows x86 arch:x86

1ccb08676c163835341c54541bd441e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA
StrDupA
StrStrIA
StrChrA

kernel32

CreateToolhelp32Snapshot
lstrcpyA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
WriteFile
ReadFile
CreateFileA
GetModuleFileNameA
DisableThreadLibraryCalls
ExitProcess
Sleep
GetTickCount
GetLastError
CreateThread
WaitForSingleObject
OpenMutexA
CreateMutexA
GetCurrentThread
Process32First
MoveFileA
lstrcatA
CreateProcessA
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryA
GetEnvironmentVariableA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetFileAttributesA
ReleaseMutex
GetTempPathA
lstrcmpiA
LocalFree
GetComputerNameA
GetSystemInfo
GetVolumeInformationA
lstrcpynA
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
TerminateProcess
CloseHandle
Process32Next
SetFilePointer

advapi32

RegSetValueExA
OpenThreadToken
RegQueryValueExA
ImpersonateSelf
RegOpenKeyExA
RegCloseKey
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteExA
ShellExecuteA

user32

wsprintfA
GetCursorPos
GetSystemMetrics

wininet

InternetGetConnectedState
FindCloseUrlCache
FindNextUrlCacheEntryA
InternetReadFile
InternetOpenUrlA
DeleteUrlCacheEntry
InternetOpenA
InternetCloseHandle
FindFirstUrlCacheEntryA

netapi32

NetScheduleJobEnum
NetScheduleJobDel
NetApiBufferFree
NetScheduleJobAdd

msvcrt

_strdup
_CxxThrowException
strncpy
??1type_info@@UAE@XZ
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
realloc
strcpy
strcat
free
_snprintf
sprintf
strstr
wcslen
srand
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_onexit
__dllonexit
_adjust_fdiv
printf
malloc
rand
_except_handler3
strcmp
strlen
_initterm

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
SysStringLen
SysAllocString

Exports

Exports

abcgh
addNumbers

Sections

.text
Size: 32KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ccb08676c163835341c54541bd441e0

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

user32

wininet

netapi32

msvcrt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 256.0MB

.rdata Size: 4KB - Virtual size: 256.0MB

.data Size: 4KB - Virtual size: 256.0MB

.reloc Size: 4KB - Virtual size: 256.1MB

.text
Size: 32KB - Virtual size: 256.0MB

.rdata
Size: 4KB - Virtual size: 256.0MB

.data
Size: 4KB - Virtual size: 256.0MB

.reloc
Size: 4KB - Virtual size: 256.1MB