e136c21f9f91ec75c1c6406eab733b929b0bb044389287b39b3fe5cbd9e7acf8

Sharing

Copy URL

Twitter E-mail

General

Target

e136c21f9f91ec75c1c6406eab733b929b0bb044389287b39b3fe5cbd9e7acf8
Size

1.5MB
MD5

bcbfc7839264f98cb26fe153cf61490b
SHA1

6a5cfc34aef0d04bc4221a8d2890d7fc657fd9b2
SHA256

e136c21f9f91ec75c1c6406eab733b929b0bb044389287b39b3fe5cbd9e7acf8
SHA512

3e7cf79b16f93a8d4ee14386712c472752d53d21eeeb97f1dd7d1e36550c7642b51238d7c87c5e92f4b9a850828f431fec32b88f7cce06eb9553dd89c5b65e47
SSDEEP

24576:QOlbBZ3Dvbubi2HrQFYx8DezmfYDTi0Ju7/c8ssai1fnsxdm9iYCMsBNwxDlxNM8:QTWmy8uBt2lKojyp/AtTChqwd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e136c21f9f91ec75c1c6406eab733b929b0bb044389287b39b3fe5cbd9e7acf8

Files

e136c21f9f91ec75c1c6406eab733b929b0bb044389287b39b3fe5cbd9e7acf8
.dll windows:4 windows x86 arch:x86

7703fc96bd4aff95251cebd4e9214ef8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadImageA
FillRect
GetClientRect
MessageBoxA
GetUserObjectInformationW
GetFocus
EnableWindow
GetProcessWindowStation
GetWindowRect

gdi32

CreatePatternBrush
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA

ws2_32

gethostbyname
htonl
inet_ntoa
closesocket
htons
bind
getservbyname
gethostbyaddr
listen
connect
setsockopt
getsockopt
getpeername
getsockname
getservbyport
sendto
recvfrom
ntohs
recv
send
socket
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
accept
WSAStartup
WSACleanup
ioctlsocket
gethostname
shutdown
ntohl
WSAIoctl
inet_addr

wldap32

ord26
ord30
ord200
ord32
ord35
ord50
ord33
ord301
ord27
ord41
ord46
ord143
ord211
ord79
ord22
ord45
ord60

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

mfc42

ord2864
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord5280
ord2514
ord800
ord2915
ord2818
ord537
ord6467
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord540
ord823
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord3571
ord641
ord860
ord324
ord3663
ord3626
ord2414
ord2289
ord2370
ord4234
ord1200
ord6334
ord4299
ord6880
ord3092
ord1641
ord1168
ord4710
ord3573
ord755
ord640
ord5785
ord1640
ord323
ord4476
ord5875
ord3089
ord470

msvcrt

fclose
fread
fopen
sprintf
strrchr
ftell
fseek
fwrite
malloc
free
strncmp
_ftol
_CIpow
sscanf
floor
strchr
tolower
_mkdir
_access
strerror
_errno
remove
_snprintf
_findclose
realloc
_findnext
strncpy
strstr
_findfirst
fflush
_iob
printf
_chdir
localtime
time
rename
perror
fprintf
_vsnprintf
memmove
_strdup
_read
_write
__CxxFrameHandler
calloc
exit
rand
srand
_sys_nerr
strtoul
strpbrk
fgets
qsort
fputs
_stati64
fputc
_beginthreadex
setvbuf
getenv
_getpid
memchr
_lseeki64
_fstati64
gmtime
isspace
abort
_stat
_open
isdigit
isxdigit
_exit
raise
wcsstr
strcmp
_strnicmp
_wfopen
_setmode
isupper
_except_handler3
_getch
signal
_EH_prolog
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
atoi
strtol
_strrev
_close

kernel32

WaitForSingleObject
GetLastError
Sleep
CloseHandle
ReleaseMutex
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
VirtualQuery
SetLastError
GetModuleFileNameA
WritePrivateProfileStringA
FormatMessageA
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
LocalFree
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
WriteFile
GetVersion
GetCurrentThreadId
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetModuleHandleA
GetVersionExA
ExpandEnvironmentStringsA
GetSystemDirectoryA
LoadLibraryA
SleepEx
GetTickCount
FreeLibrary
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA

netapi32

Netbios

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

Auth
SetDLLInfo
SetMerInfo
strdup

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7703fc96bd4aff95251cebd4e9214ef8

Headers

File Characteristics

Imports

user32

gdi32

ws2_32

wldap32

advapi32

mfc42

msvcrt

kernel32

netapi32

msvcp60

version

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 248KB - Virtual size: 245KB

.data Size: 84KB - Virtual size: 100KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 60KB - Virtual size: 59KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 248KB - Virtual size: 245KB

.data
Size: 84KB - Virtual size: 100KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 60KB - Virtual size: 59KB

.rmnet
Size: 60KB - Virtual size: 60KB