ab39682aba030046de05ba929e40ed889becf9bfbd719bc1edeff727520e966b

Sharing

Copy URL Twitter E-mail

General

Target

ab39682aba030046de05ba929e40ed889becf9bfbd719bc1edeff727520e966b
Size

458KB
MD5

91a64ab8b867157511a1caa27fb27d75
SHA1

6554573cc78db742d72b0e39e69f412856b882dc
SHA256

ab39682aba030046de05ba929e40ed889becf9bfbd719bc1edeff727520e966b
SHA512

697cb6c710e775f8e1d69621b1836647c903e217e8b02e1379ae9ed895185bee505215440b480b51f349452c7c6bb272bdbe1928e8875feda4965aa139f52a64
SSDEEP

1536:HAxXHAa3Xlv8qcnmttRUtxwxXrH3HSglmaHMMods/XpD/XE769v+ntlh2:MHm9nuowpzcaMMjx8GZ+ntl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab39682aba030046de05ba929e40ed889becf9bfbd719bc1edeff727520e966b

Files

ab39682aba030046de05ba929e40ed889becf9bfbd719bc1edeff727520e966b
.dll windows:4 windows x86 arch:x86

4903197d0e6a68134c20b5ee69606d22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WinExec
GetVersionExA
GetOEMCP
GetLastError
CreateMutexA
GetCurrentProcessId
GetWindowsDirectoryA
WriteFile
MultiByteToWideChar
ReadFile
WaitForSingleObject
CreateProcessA
WideCharToMultiByte
LocalFree
SetEndOfFile
DeleteFileA
GetSystemDirectoryA
GetCurrentProcess
LoadLibraryA
GetProcAddress
OpenProcess
CreateFileA
Sleep
GetFileSize
CloseHandle
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetModuleFileNameA
FlushFileBuffers
HeapReAlloc
HeapCreate
VirtualAlloc
VirtualFree
HeapDestroy
GetACP
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
GetCommandLineA
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
ExitProcess
SetHandleCount

user32

CharLowerA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA

wininet

InternetQueryOptionA
InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
InternetOpenA
HttpOpenRequestA
InternetConnectA

ws2_32

WSACleanup
inet_ntoa
gethostbyname
WSAStartup
gethostname

psapi

EnumProcessModules
GetModuleBaseNameA

Exports

Exports

myfuc

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4903197d0e6a68134c20b5ee69606d22

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ws2_32

psapi

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 90KB

.reloc Size: 11KB - Virtual size: 10KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 90KB

.reloc
Size: 11KB - Virtual size: 10KB

.shell
Size: 320KB - Virtual size: 320KB