2687092e7a9b15afc19f3016000851de2fc5d4b8f31b1b8f39382491d4afa881N

Sharing

Copy URL

Twitter E-mail

General

Target

2687092e7a9b15afc19f3016000851de2fc5d4b8f31b1b8f39382491d4afa881N
Size

184KB
MD5

ec006a397a4533f645f0d00c7a042df0
SHA1

31cc4ddb4021c0d0c090fc04c2d4eef343447bac
SHA256

2687092e7a9b15afc19f3016000851de2fc5d4b8f31b1b8f39382491d4afa881
SHA512

e44ad97b445c4a55e06da38c3fa6ddc0fca8c3ec018e4bb4f97566b002c1f3e5329bef732515cb93c3b3d9fa11e304c241bd6ce539fb29c30efcd0d9e24926b3
SSDEEP

3072:iv5xXA/ezfIIY9Jm+j9ZY4nfDPzdDHsQGjFRZRvD0BP++pZAEjKZjYHp7UOr:iE5I4PvYyfDP5r0FR770BaFZjYHdFr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2687092e7a9b15afc19f3016000851de2fc5d4b8f31b1b8f39382491d4afa881N

Files

2687092e7a9b15afc19f3016000851de2fc5d4b8f31b1b8f39382491d4afa881N
.dll windows:0 windows x86 arch:x86

1cb44e3fd2b456c57ddbbc34a99f6c10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord825
ord6059
ord389
ord3229
ord5204
ord5808
ord500
ord772
ord540
ord800
ord5356
ord690
ord1988
ord823

msvcrt

rand
strchr
strncpy
sscanf
__CxxFrameHandler
wcscat
memcpy
malloc
free
_strnicmp
strcpy
srand
memcmp
_stricmp
strrchr
strcat
time
localtime
strftime
vsprintf
sprintf
strlen
memset
atoi
strcspn
strstr
_except_handler3
_CxxThrowException
tolower
toupper
strcmp
wcscpy
strncat
calloc
_mbsstr
_mbsnbcpy
_strcmpi
wcslen
_mbsicmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_memicmp

kernel32

CreateToolhelp32Snapshot
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
SetFileTime
GetFileAttributesA
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
FormatMessageA
CreateProcessA
GetLocalTime
VirtualQuery
lstrcatA
DeviceIoControl
SetFileAttributesA
MoveFileA
LocalFree
Process32First
lstrcmpiA
DebugActiveProcess
Process32Next
ExpandEnvironmentStringsA
GetModuleHandleA
InterlockedIncrement
CopyFileA
InterlockedExchange
CreateMutexA
ReleaseMutex
SetLastError
WinExec
lstrcpyA
LoadLibraryA
GetProcAddress
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
TerminateThread
WaitForSingleObject
CreateThread
GetCurrentProcessId
TerminateProcess
OpenProcess
GetTickCount
MoveFileExA
DeleteFileA
Sleep
lstrlenA
DuplicateHandle
FreeLibrary
FindClose
FindNextFileA
FindFirstFileA
ReadFile
GetFileSize
InterlockedDecrement
GetSystemInfo
WriteProcessMemory
CreateDirectoryA
ReadProcessMemory
VirtualQueryEx
GlobalFree
GlobalAlloc
GetVersionExA
GetSystemDefaultUILanguage
GlobalMemoryStatusEx
MultiByteToWideChar
GetLastError
GetSystemDirectoryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow
wsprintfA

advapi32

QueryServiceStatus
LookupPrivilegeValueA
RegQueryInfoKeyA
RegEnumValueA
CreateServiceA
RegCreateKeyA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
OpenProcessToken

ws2_32

inet_addr
htonl
sendto
closesocket
WSACleanup
send
__WSAFDIsSet
recv
connect
setsockopt
WSAIoctl
WSAStartup
socket
htons
ntohs
bind
ioctlsocket
select
recvfrom
WSAGetLastError

shlwapi

PathIsDirectoryA
PathFileExistsA
StrStrIA

ntdll

NtQueryInformationFile
NtQuerySystemInformation

psapi

GetModuleFileNameExA

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoInitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysAllocStringByteLen
SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocString
VariantInit
SysStringLen
VariantClear

msvcp60

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

netapi32

Netbios

Exports

Exports

Scheduler

Sections

.text
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flps0
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.flps1
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cb44e3fd2b456c57ddbbc34a99f6c10

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

shlwapi

ntdll

psapi

ole32

oleaut32

msvcp60

netapi32

Exports

Exports

Sections

.text Size: - Virtual size: 130KB

.rdata Size: - Virtual size: 16KB

.data Size: - Virtual size: 29KB

.flps0 Size: - Virtual size: 95KB

.flps1 Size: 176KB - Virtual size: 172KB

.reloc Size: 4KB - Virtual size: 132B

.text
Size: - Virtual size: 130KB

.rdata
Size: - Virtual size: 16KB

.data
Size: - Virtual size: 29KB

.flps0
Size: - Virtual size: 95KB

.flps1
Size: 176KB - Virtual size: 172KB

.reloc
Size: 4KB - Virtual size: 132B