bfd49391b50467bfc2f6cf3ca7f49018fe699036340f2946503e497d2b33abe0N

General

Target

bfd49391b50467bfc2f6cf3ca7f49018fe699036340f2946503e497d2b33abe0N
Size

28KB
MD5

49c55186fef7df34208c5f4ce289d220
SHA1

cc32ec8b83a61c9b7698c6f56c057b0b696668fd
SHA256

bfd49391b50467bfc2f6cf3ca7f49018fe699036340f2946503e497d2b33abe0
SHA512

45444443b8a499ed9e33db4e113b7976f67ead5cea1fe0e0eab44870961b8a9c9e6383cc3a79b2c62f889892e9926771447979f7b779b20ef8f65b1301c2da8a
SSDEEP

192:C8K8LvvZsNr5sa7JNYstvdOZYMvLhi3RzZVUXw+zNepyzHcfbckDWZOb46n:CbH1dOZvLhQRlVUtzNeFTccZn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfd49391b50467bfc2f6cf3ca7f49018fe699036340f2946503e497d2b33abe0N

Files

bfd49391b50467bfc2f6cf3ca7f49018fe699036340f2946503e497d2b33abe0N
.dll windows:4 windows x86 arch:x86

61f61276f052ebaa8cd79aff76641e00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
lstrcpyA
GetWindowsDirectoryA
GetProcAddress
Sleep
CreateFileA
lstrcatA
ReadFile
GetModuleHandleA
LocalAlloc
CreateThread
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
Module32First
Module32Next
lstrlenA
OpenProcess
VirtualProtectEx
VirtualProtect
WriteProcessMemory
lstrcmpA
CreateToolhelp32Snapshot
CloseHandle

user32

ToAscii
MapVirtualKeyA
wsprintfA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shlwapi

StrStrIA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

strstr
_except_handler3
strrchr
_purecall
atoi
isprint
strncat
strlen
strcat
_itoa
??2@YAPAXI@Z
memset
strcpy
memcpy
??3@YAXPAX@Z

Exports

Exports

comonbabyouyes
comonbabyouyesDrawTextEx
comonbabyouyesEditControl
comonbabyouyesExtTextOut
comonbabyouyesGetCharacterPlacement
comonbabyouyesGetTextExtentExPoint
comonbabyouyesPSMTextOut

Sections

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61f61276f052ebaa8cd79aff76641e00

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Exports

Exports

Sections

.bss Size: - Virtual size: 17KB

.data Size: 12KB - Virtual size: 12KB

shard Size: 12KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 12KB

shard
Size: 12KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 2KB