3c7caa560f1749617c30363e337f1da2a9785766978d9d4dc7e67b5c01a2e815

Sharing

Copy URL Twitter E-mail

General

Target

3c7caa560f1749617c30363e337f1da2a9785766978d9d4dc7e67b5c01a2e815
Size

449KB
MD5

8458c3c8735b94b0fa1e0cc31a3b1b9b
SHA1

bb8799260b916e6008bbb825350e050e2caf3a96
SHA256

3c7caa560f1749617c30363e337f1da2a9785766978d9d4dc7e67b5c01a2e815
SHA512

76ac3773d010496e416da597723025063fec958d5c77d1fbbd7c29adc3a9895c0724099cf2e16d41ee76a37f9617f24351cda682e37fcb1e7b1a7f05d599982c
SSDEEP

3072:rZ96Y/QWR8HFWSfYFk4KYcT2e0lFsT1ya:rxZRFSfYFkZYRlFu1d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c7caa560f1749617c30363e337f1da2a9785766978d9d4dc7e67b5c01a2e815

Files

3c7caa560f1749617c30363e337f1da2a9785766978d9d4dc7e67b5c01a2e815
.dll windows:5 windows x86 arch:x86

8f750dbb0a7159847eb2981dcebecb51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrChrA
StrCmpNIW
PathStripPathA
StrRChrW
StrRChrA

ntdll

NtQuerySystemInformation
RtlUnwind

ws2_32

bind
socket
closesocket
send
listen
accept
WSAStartup
WSACleanup
htonl
htons
ioctlsocket
select
recv
shutdown

psapi

EnumProcessModules
GetMappedFileNameA

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam

kernel32

CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersion
CreateEventA
GetCurrentProcessId
lstrcmpA
lstrlenA
GetCurrentProcess
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
DeleteCriticalSection
lstrcpyA
lstrcmpiA
GetModuleFileNameA
HeapAlloc
HeapFree
SetEvent
OpenThread
GetCurrentThreadId
CreateThread
HeapReAlloc
MultiByteToWideChar
GetVersionExA
WideCharToMultiByte
lstrlenW
lstrcpyW
ExpandEnvironmentStringsW
MulDiv
GetModuleHandleA
GlobalUnlock
FindFirstFileW
WriteFile
OpenProcess
lstrcmpW
FindClose
RemoveDirectoryW
lstrcmpiW
lstrcatW
FindNextFileW
DeleteFileW
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
TerminateProcess
lstrcatA
CreateMutexA
GetLocaleInfoW
VerLanguageNameW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
LoadLibraryW
SetLastError
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
GetSystemTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetTempPathW
HeapDestroy
HeapCreate
LocalFree
GetCurrentThread
TerminateThread
SetUnhandledExceptionFilter
GetExitCodeThread
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualQuery
TlsGetValue
TlsSetValue
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
ExitProcess
GetStdHandle
GetModuleFileNameW
GetLastError
Sleep
WaitForSingleObject
GlobalLock
EncodePointer

user32

GetUserObjectInformationA
VkKeyScanA
GetKeyboardLayoutList
ToAscii
MoveWindow
DispatchMessageA
GetSysColor
RedrawWindow
GetKeyboardLayout
TranslateMessage
BeginPaint
GetClientRect
KillTimer
DrawTextW
CharUpperBuffW
GetWindowRect
SetTimer
GetMessageA
EndPaint
wsprintfW
wsprintfA
GetThreadDesktop
GetWindowInfo
GetParent
PtInRect
FindWindowExA
GetClipboardData
CreateWindowExA
ChangeClipboardChain
DefWindowProcA
OpenClipboard
SetClipboardViewer
GetClipboardOwner
RegisterClassA
IntersectRect
GetDC
ReleaseDC
CloseDesktop
RegisterWindowMessageA
GetDesktopWindow
SetThreadDesktop
GetWindowThreadProcessId
GetWindow
DestroyWindow
CloseClipboard
SendNotifyMessageA
SetWindowLongA
GetWindowLongA

gdi32

SetWindowOrgEx
BitBlt
SetTextColor
CreateFontA
SetBkColor
SetBkMode
SelectClipRgn
GetClipBox
ExtTextOutA
DeleteDC
CreateDIBSection
GetDeviceCaps
GetDIBits
SetDIBColorTable
GetRegionData
GetSystemPaletteEntries
CreatePatternBrush
CreateRectRgn
CreateCompatibleBitmap
CombineRgn
CreateCompatibleDC
SelectObject
DeleteObject
CreateBitmap
GetStockObject

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

CheckVnc
ClientSetModule
VncStartServer
VncStopServer

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f750dbb0a7159847eb2981dcebecb51

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ntdll

ws2_32

psapi

crypt32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 6KB - Virtual size: 6KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 6KB - Virtual size: 6KB

.shell
Size: 320KB - Virtual size: 320KB