28a8c9519adc17a723e6f0f354002e68ee72bca94a4afebe435fe690f0cf3e88N

Sharing

Copy URL Twitter E-mail

General

Target

28a8c9519adc17a723e6f0f354002e68ee72bca94a4afebe435fe690f0cf3e88N
Size

48KB
MD5

14bda92c2b239e5a31d2b3ff3593e640
SHA1

ea8cfdf11c9e74396250386493fe5b7a1050515d
SHA256

28a8c9519adc17a723e6f0f354002e68ee72bca94a4afebe435fe690f0cf3e88
SHA512

376d11e4a074cd8aaa94a0e948b877215118dbe27ddea2837ce485887c39fc0587cc97a64af9eb45529d23315c2638e4a9579fc9a5ca94492e3a5391dc4dd18b
SSDEEP

1536:hIIOXtfCzVeRRI4SPGbmvsHF2IyT2XtVMH6fuvHWH9FD:hIIjzVejEPGbmvLtHWrD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28a8c9519adc17a723e6f0f354002e68ee72bca94a4afebe435fe690f0cf3e88N

Files

28a8c9519adc17a723e6f0f354002e68ee72bca94a4afebe435fe690f0cf3e88N
.dll windows:4 windows x86 arch:x86

9bdab20b24c776f2c3e425697d0aad6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
GetThreadDesktop
wsprintfA
CharUpperA
GetWindowTextA
GetWindowThreadProcessId
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
DestroyWindow
DispatchMessageA
SendInput
GetMessageA
SendMessageA
IsWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
CreateDesktopA
SetProcessWindowStation
OpenWindowStationA
ToAscii
GetKeyboardState
OpenInputDesktop
SetThreadDesktop
SetCursorPos
OpenDesktopA
ExitWindowsEx
MessageBoxA
GetActiveWindow
GetFocus

gdi32

GetCurrentObject
CreateDCA
DeleteDC
GetDeviceCaps

advapi32

OpenThreadToken
LookupPrivilegeValueA
OpenProcessToken
ImpersonateSelf
ChangeServiceConfigA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryValueExA
CreateServiceA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
EnumServicesStatusA
DeleteService
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
AdjustTokenPrivileges

shell32

SHFileOperationA
ShellExecuteA
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal

ws2_32

WSAStartup
WSADuplicateSocketA
WSASocketA
recv
select
getsockname
inet_addr
send
htons
listen
setsockopt
bind
socket
connect
gethostbyname
inet_ntoa
closesocket
ntohs
accept

shlwapi

StrStrA
StrCmpNIA
StrToIntA
StrChrA
SHDeleteKeyA
StrRChrA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

mswsock

TransmitFile

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

msvcrt

strcpy
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strstr
strchr
malloc
wcscmp
free
memcpy
abs
_beginthread
__CxxFrameHandler
memset
??2@YAPAXI@Z
??3@YAXPAX@Z

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

kernel32

SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
SetFilePointer
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrcatA
OpenEventA
CallNamedPipeA
GetStartupInfoA
GetModuleFileNameA
GetSystemDirectoryA
IsDBCSLeadByte
GetLocalTime
ExitProcess
GetFileAttributesA
WaitForMultipleObjects
CreateThread
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetACP
GetOEMCP
SetThreadPriority
CreateProcessA
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetCurrentProcessId
lstrcmpiA
FindFirstFileA
lstrcmpA
FindNextFileA
GetLastError
FindClose
GetFileAttributesExA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
lstrcpyA
MoveFileA
CreateDirectoryA
WriteFile
GetTempPathA
lstrlenA
SetEvent
WaitForSingleObject
GetFileSize
DeleteFileA
GetVersion
QueryPerformanceCounter
DeviceIoControl
CreateEventA
GetCurrentThreadId
Sleep
CreateFileA
GetFileSizeEx
SetFilePointerEx
ReadFile
CloseHandle
GetTickCount
LoadLibraryA
QueryPerformanceFrequency

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bdab20b24c776f2c3e425697d0aad6a

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

wininet

mswsock

imm32

msvcrt

avicap32

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

Share Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

Share
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB