19a08e18aa613298ca23a86c518057b9eaeeec7e8ef8cf03c782551f5c4d2ab3N

Sharing

Copy URL Twitter E-mail

General

Target

19a08e18aa613298ca23a86c518057b9eaeeec7e8ef8cf03c782551f5c4d2ab3N
Size

924KB
MD5

e208fc96be1d5ad3b02ebb14eed01c50
SHA1

503bae82a580b254079d0c72e3d3af4439d8403c
SHA256

19a08e18aa613298ca23a86c518057b9eaeeec7e8ef8cf03c782551f5c4d2ab3
SHA512

87ec643b65aa0e237b47949c62f1c161d1bd5a215bf2fada5536ac8714cc8b8c9c3086f717c1b4ebdf3d5aa53fd12177c22c0b1223a77174bea23334be980a99
SSDEEP

12288:v97RKy9q6tmu/JRFrR/C4R0gnq+Q/lzIFjWaiMhSYnH1UU:V7RKy9ZtmQHFMdgnq+mzI1W0gU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19a08e18aa613298ca23a86c518057b9eaeeec7e8ef8cf03c782551f5c4d2ab3N

Files

19a08e18aa613298ca23a86c518057b9eaeeec7e8ef8cf03c782551f5c4d2ab3N
.dll windows:4 windows x86 arch:x86

069e5a5c057b38aabb7dea19b594ea89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WORK2005\BinOut\SR_UserData.pdb

Imports

kernel32

lstrlenA
GetLocaleInfoA
InterlockedExchange
GetThreadLocale
GetACP
GetVersionExA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetUserDefaultLangID
DebugBreak
lstrcmpiA
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CompareStringA
GetTimeFormatA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
ReadFile
CloseHandle
WideCharToMultiByte
GetModuleFileNameA
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetLastError
GetCurrentThread
IsDebuggerPresent
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
InterlockedDecrement
GetSystemInfo
GlobalMemoryStatus
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSection
lstrcpynA
MultiByteToWideChar
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetEvent
ResetEvent
CreateEventA
FlushFileBuffers
SetFilePointer
SetEndOfFile
WriteFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
GetTickCount
CreateDirectoryA
SleepEx
SetThreadPriority
ResumeThread
SuspendThread
FlushInstructionCache
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitThread
CreateThread
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
FatalAppExitA
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

EnableWindow
MoveWindow
SendMessageA
SetWindowLongA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharNextA
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
SetWindowPos
ShowWindow
UpdateWindow
GetWindowRect
GetClientRect
GetParent
GetSystemMetrics
RedrawWindow
AdjustWindowRect
GetWindowLongA
MessageBoxA
DefWindowProcA
LoadCursorA
GetDC
ReleaseDC
BeginPaint
EndPaint
SetParent
PtInRect
SetFocus
PeekMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
CreateDialogParamA
GetDesktopWindow
EndDialog
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
GetDlgItem
DrawTextA
GetClassNameA
EnumChildWindows
SetWindowTextA
GetWindowTextA
CreatePopupMenu
DestroyMenu
AppendMenuA
GetCursorPos
TrackPopupMenu
GetSysColor

ws2_32

getsockname
bind
connect
accept
WSASend
WSARecv
shutdown
WSASocketA
listen
getsockopt
setsockopt
WSACleanup
WSAStartup
closesocket
WSAIoctl
socket
inet_addr
getpeername
gethostbyname
WSAGetLastError
WSAGetOverlappedResult
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSACreateEvent
WSASetEvent
ntohs
inet_ntoa
htons
WSASendTo
WSARecvFrom

iphlpapi

GetAdaptersInfo

gdi32

GetTextExtentPoint32A
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
Polygon
Ellipse
CreateSolidBrush
DeleteObject
CreatePen
GetStockObject
CreateFontA
LineTo
MoveToEx
RoundRect
Rectangle
SetBkColor
TextOutA
SetTextAlign
GetDeviceCaps
BitBlt
SetBkMode

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA

ole32

CoCreateGuid

Exports

Exports

?CreatePlugin@@YA_NPAUsPluginCreateInfo@@@Z

Sections

.text
Size: 648KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

069e5a5c057b38aabb7dea19b594ea89

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

iphlpapi

gdi32

advapi32

ole32

Exports

Exports

Sections

.text Size: 648KB - Virtual size: 644KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 16KB - Virtual size: 548KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 32KB - Virtual size: 29KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 648KB - Virtual size: 644KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 16KB - Virtual size: 548KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 32KB - Virtual size: 29KB

.text
Size: 108KB - Virtual size: 108KB