2bfee4736a98d1ba114a8336a95857ccc8f4940ad0bebd698c26dfb51cf55275

Sharing

Copy URL Twitter E-mail

General

Target

2bfee4736a98d1ba114a8336a95857ccc8f4940ad0bebd698c26dfb51cf55275
Size

396KB
MD5

2560ab08ce1c83adbfa2d6c9fd55074d
SHA1

217053cf41ea1170f9731c9ae32f4e3f956aa208
SHA256

2bfee4736a98d1ba114a8336a95857ccc8f4940ad0bebd698c26dfb51cf55275
SHA512

7b645a5c2d3d300d78be119b365b9953c6f6b7458f771a7f7a50567afc44a66e657b5debdffde4eb09080941a5b40699e8eb77f2547d9789b497f4cfcbac0bb7
SSDEEP

1536:q//Nv08SxcrVAmNKxvt5xn6DcL741Jkw3Y5nztZmiW:s/NcB4cXtqwOSztZmiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bfee4736a98d1ba114a8336a95857ccc8f4940ad0bebd698c26dfb51cf55275

Files

2bfee4736a98d1ba114a8336a95857ccc8f4940ad0bebd698c26dfb51cf55275
.dll windows:4 windows x86 arch:x86

e3ebc86d2bdff860c9c9631c2edb0037

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetFileSize
Sleep
CreateFileA
GetProcAddress
LoadLibraryA
GetLastError
CreateMutexA
OpenProcess
GetCurrentProcessId
GetWindowsDirectoryA
VirtualAlloc
MultiByteToWideChar
ReadFile
WaitForMultipleObjects
CreateProcessA
WideCharToMultiByte
DeleteFileA
GetSystemDirectoryA
GetTempPathA
GetVersionExA
GetOEMCP
WriteFile
VirtualFree
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
ExitThread
GetCurrentThreadId
CreateThread
GetFileAttributesA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapReAlloc
SetStdHandle
FlushFileBuffers
HeapSize
InitializeCriticalSection
GetCPInfo
GetACP
WriteConsoleA

advapi32

GetUserNameA

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpAddRequestHeadersA
InternetQueryOptionA

ws2_32

WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup

Exports

Exports

myfuc

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ebc86d2bdff860c9c9631c2edb0037

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 21KB

.reloc Size: 6KB - Virtual size: 5KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 21KB

.reloc
Size: 6KB - Virtual size: 5KB

.shell
Size: 320KB - Virtual size: 320KB