4b0c1e0923be8bf6694a131c641758e0910f662f07bd45cd5c22532a3b8e9f65

Sharing

Copy URL Twitter E-mail

General

Target

4b0c1e0923be8bf6694a131c641758e0910f662f07bd45cd5c22532a3b8e9f65
Size

545KB
MD5

aad41441ce6dead8c634a3330be56fb4
SHA1

45bbbcb083855d06f8b851ff64dc3fc40140b374
SHA256

4b0c1e0923be8bf6694a131c641758e0910f662f07bd45cd5c22532a3b8e9f65
SHA512

70559562812170fceb040de706596fb9fb9450f465b63baccf55ed42c6bab6416517572eb0c71a7c13cfeb06a75441e08da52068a3cf072b4dd133fdcab4a472
SSDEEP

12288:L+oOvlogan6QhzZQ+8WXwWsgooPO2/hSMXliphqet+:L0+6Qb6NWsgXPO2/hSMXlIhk

Score

1^/10

Malware Config

Signatures

Files

4b0c1e0923be8bf6694a131c641758e0910f662f07bd45cd5c22532a3b8e9f65
.dll windows x64

95f60ef65907e59adb430341aa5660d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
GetCurrentThread
SetLastError
TerminateProcess
ResumeThread
GetLastError
CloseHandle
ExitProcess
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
UnmapViewOfFile
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryExW
WriteConsoleW
CreateFileW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode

ws2_32

InetPtonW
GetAddrInfoExW

Exports

Exports

UalInstrument
UalStart
UalStop

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95f60ef65907e59adb430341aa5660d3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 244B

.detourc Size: 26KB - Virtual size: 25KB

.detourd Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 244B

.detourc
Size: 26KB - Virtual size: 25KB

.detourd
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB