3f1173426133ac70db98550db6fe05d0e16abd6257771ad2cea323427c47e291

Sharing

Copy URL Twitter E-mail

General

Target

3f1173426133ac70db98550db6fe05d0e16abd6257771ad2cea323427c47e291
Size

656KB
MD5

8c168f927b3a8ace1bf5170fd14fc509
SHA1

ca9ccb32142201fea57d707bfd11a01d0b012d91
SHA256

3f1173426133ac70db98550db6fe05d0e16abd6257771ad2cea323427c47e291
SHA512

4abb4aabcb6062a49e65848fe34fb9c4f9be411ae137a5765cf30088da1732eb5121ff8849383d9be93f94afa424bd131ea64b13175616c661c975984781b739
SSDEEP

12288:dUVfK5gkIiUWFwVDLR4yKmaEMB51qpuDVnt6HhYLUS80NPPT3mtJv3z4os:dUVfK5gkXUyYKRDVt2hYwS80NPPT3mt1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f1173426133ac70db98550db6fe05d0e16abd6257771ad2cea323427c47e291

Files

3f1173426133ac70db98550db6fe05d0e16abd6257771ad2cea323427c47e291
.dll windows:4 windows x86 arch:x86

1b7c80ed9fec87ed6e976248b270b53d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExA
EnumProcessModules

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

inet_addr
connect
gethostname
gethostbyname
htons
htonl
WSAGetLastError
WSAAsyncSelect
listen
socket
WSACleanup
WSAStartup
getpeername
inet_ntoa
send
closesocket
recv
accept
bind

kernel32

GetPrivateProfileIntA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
LeaveCriticalSection
GetCurrentDirectoryA
Thread32First
TerminateThread
Thread32Next
GetComputerNameA
CreateFileMappingA
MapViewOfFile
FreeLibrary
SetPriorityClass
LoadLibraryA
EnterCriticalSection
GetTickCount
lstrcmpiA
VirtualProtect
VirtualQuery
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
LocalFree
WideCharToMultiByte
LocalAlloc
Sleep
GetCurrentProcess
MultiByteToWideChar
CloseHandle
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
OpenProcess
GetCurrentProcessId
Process32Next
GetBinaryTypeA
Module32First
TerminateProcess
GetPriorityClass
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
GetProcAddress
DeleteFileA

user32

GetWindowTextA
GetClientRect
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcA
wsprintfA
ClientToScreen
GetSystemMetrics
SendInput
SetCursorPos
MapVirtualKeyA
ScreenToClient
UnhookWindowsHookEx
GetParent
GetAsyncKeyState
CallNextHookEx
SetTimer
SetWindowLongA
GetDC
ReleaseDC
DestroyWindow
GetFocus
GetCursorPos
keybd_event
FindWindowExA
RegisterClassExA
CreateWindowExA
UpdateWindow
ShowWindow
SendMessageA
CallWindowProcA
GetForegroundWindow
GetWindowLongA
SendDlgItemMessageA
IsDlgButtonChecked
CheckDlgButton
SetWindowPos
SetFocus
SetForegroundWindow
CreatePopupMenu
InsertMenuA
GetDlgItem
GetWindowRect
TrackPopupMenu
DestroyMenu
SetWindowsHookExA

gdi32

SetTextColor
PatBlt
SetBkColor
GetTextColor
TextOutA
GetPixel
CreateSolidBrush
SetPixel
BitBlt

msvcrt

_mbscpy
fread
fseek
ftell
fputc
fwrite
_ftol
atol
_beginthreadex
_mkdir
srand
_mbschr
malloc
free
time
localtime
fprintf
_strnicmp
_strupr
fopen
fgets
fclose
_mbscmp
_stricmp
rand
_itoa
isdigit
strchr
strtok
_except_handler3
??2@YAPAXI@Z
abs
atoi
memcpy
strncpy
_mbsstr
__CxxFrameHandler
strstr
_mbstok
_mbsncmp
isalpha
strlen
_mbscat
strrchr
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strcpy
strncmp
??3@YAXPAX@Z
sprintf
strcmp
memset
_ismbblead
strcat

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

Exports

Exports

OffHookPCTW
OnHookPCTW

Sections

.text
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b7c80ed9fec87ed6e976248b270b53d

Headers

File Characteristics

Imports

psapi

wininet

ws2_32

kernel32

user32

gdi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 512KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 64KB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 516KB - Virtual size: 512KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 64KB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 56KB - Virtual size: 55KB