fb249cb05b2f6acbf6db961d033e791b05186fe0b4d5a6b8f015661f7b09a3bf

Sharing

Copy URL Twitter E-mail

General

Target

fb249cb05b2f6acbf6db961d033e791b05186fe0b4d5a6b8f015661f7b09a3bf
Size

267KB
MD5

601ab71420eafbeaab94cab47a1a00dc
SHA1

134c1385975a2481f46e76bb6fd970b93b2b0924
SHA256

fb249cb05b2f6acbf6db961d033e791b05186fe0b4d5a6b8f015661f7b09a3bf
SHA512

5825d26225b4a8c03085149820d3b4561914dbfad430386e01661e82bd0285c1937740ee347e96d3a446f39365bf9f1062aac71e5e47099ec4dc97ad9d36c0b4
SSDEEP

6144:2drZEZJLzlNxxEYXtAEfahwm363Xh2HE+RSeIQG+Z:GSZkEfebu2HEySe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb249cb05b2f6acbf6db961d033e791b05186fe0b4d5a6b8f015661f7b09a3bf

Files

fb249cb05b2f6acbf6db961d033e791b05186fe0b4d5a6b8f015661f7b09a3bf
.dll windows:5 windows x86 arch:x86

a2bed01edef463ad886551af80153cd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetTcpTable

dbghelp

SymGetModuleInfo
SymInitialize
SymGetModuleBase
SymSetOptions
SymGetSymFromAddr

msvcrt

_except_handler3
memset
memcpy
_snprintf
fclose
fseek
realloc
fwrite
fread
fopen
strncpy
malloc
calloc
free
sprintf
atoi
strstr
isprint

psapi

GetModuleFileNameExA

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetQueryOptionA
InternetSetStatusCallback
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpQueryInfoA
InternetCloseHandle

ws2_32

ntohs
WSASetLastError
WSAGetLastError
accept
listen
send
gethostbyname
closesocket
socket
bind
recv
shutdown
htons
WSAStartup
inet_ntoa
connect
gethostname
getpeername
htonl
setsockopt
select
__WSAFDIsSet
inet_addr
recvfrom

shell32

ExtractIconExA
ShellExecuteA
SHGetFolderPathA
SHFileOperationA
ord680

shlwapi

PathMakeSystemFolderA
PathFileExistsA
StrCmpNIA
PathGetDriveNumberA
StrStrA
StrChrIA
PathAddBackslashA
PathFindFileNameA
StrStrIW
StrStrIA
StrToIntA

ntdll

ZwQueryInformationThread
RtlImageNtHeader
RtlCreateUserThread

kernel32

FileTimeToSystemTime
GetSystemTime
LocalFree
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
SetFilePointer
GetFileSize
FileTimeToDosDateTime
WriteProcessMemory
Module32Next
VirtualAllocEx
Module32First
GetProcessTimes
CreateRemoteThread
VirtualQuery
GetPrivateProfileStringA
GetShortPathNameA
GetFileAttributesW
GetFileAttributesA
GetVersionExW
WideCharToMultiByte
VirtualProtect
GetThreadPriority
InterlockedExchange
FlushInstructionCache
lstrcmpA
FindFirstChangeNotificationA
FindNextChangeNotification
TerminateThread
WinExec
MoveFileA
ExitThread
GetCommandLineA
GetCommandLineW
ExitProcess
HeapValidate
GetProcessHeap
GetTempPathA
GetCurrentDirectoryA
GetTempFileNameA
CopyFileA
WaitForMultipleObjects
GetLogicalDriveStringsA
SetCurrentDirectoryA
SetThreadPriority
GetDriveTypeA
SetErrorMode
GlobalUnlock
GlobalLock
GetLastError
SetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetTickCount
GetVolumeInformationA
GetSystemWindowsDirectoryA
CreateMutexA
GetCurrentProcess
GetTimeFormatA
GetCurrentThread
VirtualFree
GetDateFormatA
VirtualAlloc
AddVectoredExceptionHandler
DeleteFileA
GetSystemDefaultLangID
Process32First
OpenProcess
GetTimeZoneInformation
GetEnvironmentVariableA
Process32Next
CreateToolhelp32Snapshot
CloseHandle
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
CreateFileA
MoveFileExA
lstrcpynA
SetEndOfFile
SetFilePointerEx
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
HeapReAlloc
HeapAlloc
HeapFree
SetEvent
Sleep
OpenMutexA
GetCurrentThreadId
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
CreateProcessA
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
GetCurrentProcessId
OpenFileMappingA
GetComputerNameA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

GetWindowDC
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
CharUpperA
GetSystemMetrics
GetDC
SetThreadDesktop
OpenDesktopA
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
FindWindowA
GetDesktopWindow
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
IsWindowVisible
PostMessageA
IsWindow
MapVirtualKeyA
IsIconic
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
PrintWindow
WindowFromDC
GetWindowRgn
InvalidateRect
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
SetClassLongA
CreateWindowExA
SetWindowLongA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
GetThreadDesktop
GetUserObjectInformationA
PtInRect
GetFocus
GetLastActivePopup
RealChildWindowFromPoint
GetClassNameA
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii

gdi32

CreateFontIndirectA
GetObjectA
GetClipRgn
BitBlt
GetViewportOrgEx
GetDeviceCaps
SelectClipRgn
OffsetRgn
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
GdiFlush
SetViewportOrgEx
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegNotifyChangeKeyValue
RegEnumKeyExA
GetUserNameA
RegCloseKey
RegFlushKey
RegOpenKeyExA

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2bed01edef463ad886551af80153cd2

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

dbghelp

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 218KB - Virtual size: 217KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 5KB - Virtual size: 66KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 218KB - Virtual size: 217KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 5KB - Virtual size: 66KB

.reloc
Size: 14KB - Virtual size: 14KB