3116f0a2ed4a888fa5839184b6e70f0fd381bf5ed0f131f87f2ab647edcee92dN

Sharing

Copy URL Twitter E-mail

General

Target

3116f0a2ed4a888fa5839184b6e70f0fd381bf5ed0f131f87f2ab647edcee92dN
Size

148KB
MD5

3ab52f97913bda085a098f3968668d40
SHA1

705bbf6fd10aed0f8c4b80f9aedade039ddd77c2
SHA256

3116f0a2ed4a888fa5839184b6e70f0fd381bf5ed0f131f87f2ab647edcee92d
SHA512

646bea23769e6df6800658b6a298684022c10f384c9f8daf86d80a85e79c6de44e95d7500f8d668dd777b42c3385f0567771676b3ebb1a24a39b402e955154ce
SSDEEP

3072:WffvMX430BMYTM+Ed543Wtt4KGLez3u5KHeuidKL8v/TLQi8aBJLXBlcfwci1:kXMX46TMPd5uWttae9HeuiKazjJFlcfO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3116f0a2ed4a888fa5839184b6e70f0fd381bf5ed0f131f87f2ab647edcee92dN

Files

3116f0a2ed4a888fa5839184b6e70f0fd381bf5ed0f131f87f2ab647edcee92dN
.dll windows:0 windows x86 arch:x86

93e218d2941e1401993af45e9295dbbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord825
ord389
ord6059
ord3229
ord5204
ord5808
ord1988
ord690
ord5356
ord800
ord500
ord772
ord540
ord823

msvcrt

wcscat
__CxxFrameHandler
malloc
free
sscanf
time
localtime
strftime
vsprintf
sprintf
strncpy
strchr
srand
rand
atoi
strcspn
strstr
_except_handler3
_CxxThrowException
tolower
toupper
_strcmpi
wcslen
_mbsicmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strrchr

kernel32

UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToFileTime
FormatMessageA
GetLocalTime
LocalFree
lstrcatA
DeviceIoControl
InterlockedIncrement
lstrcpyA
LoadLibraryA
GetProcAddress
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetCurrentProcess
WideCharToMultiByte
WaitForSingleObject
CreateThread
GetCurrentProcessId
TerminateProcess
OpenProcess
GetTickCount
MoveFileExA
DeleteFileA
Sleep
lstrlenA
FreeLibrary
FindClose
FindNextFileA
FindFirstFileA
ReadFile
GetFileSize
InterlockedDecrement
GetSystemInfo
WriteProcessMemory
CreateDirectoryA
ReadProcessMemory
VirtualQueryEx
GlobalFree
GlobalAlloc
GetVersionExA
GetSystemDefaultUILanguage
GlobalMemoryStatusEx
MultiByteToWideChar
GetLastError
GetSystemDirectoryA
WinExec
SetLastError
ReleaseMutex
CreateMutexA
InterlockedExchange
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow
wsprintfA

advapi32

QueryServiceStatus
LookupPrivilegeValueA
RegEnumValueA
RegQueryInfoKeyA
CreateServiceA
RegCreateKeyA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
OpenProcessToken

ws2_32

WSAIoctl
ntohs
send
__WSAFDIsSet
recv
connect
setsockopt
WSACleanup
WSAStartup
socket
inet_addr
bind
ioctlsocket
select
WSAGetLastError
recvfrom
htonl
sendto
closesocket
htons

shlwapi

PathIsDirectoryA
StrStrIA
PathFileExistsA

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringLen

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

netapi32

Netbios

Exports

Exports

Group

Sections

.text
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pmd0
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pmd1
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93e218d2941e1401993af45e9295dbbf

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

shlwapi

ole32

oleaut32

msvcp60

netapi32

Exports

Exports

Sections

.text Size: - Virtual size: 66KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 24KB

.pmd0 Size: - Virtual size: 73KB

.pmd1 Size: 140KB - Virtual size: 139KB

.reloc Size: 4KB - Virtual size: 272B

.text
Size: - Virtual size: 66KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 24KB

.pmd0
Size: - Virtual size: 73KB

.pmd1
Size: 140KB - Virtual size: 139KB

.reloc
Size: 4KB - Virtual size: 272B