eca01633f754d5fe7c79345a2abeccab698983da8459f16cc51567a6a5a75384

Sharing

Copy URL

Twitter E-mail

General

Target

eca01633f754d5fe7c79345a2abeccab698983da8459f16cc51567a6a5a75384
Size

358KB
MD5

12319420b5b94f6b29ea1bc7dd366be4
SHA1

1254bd83cc00d6e8d12894a6ac455cd9e52f1fab
SHA256

eca01633f754d5fe7c79345a2abeccab698983da8459f16cc51567a6a5a75384
SHA512

01ff9ee4e30d94bf6325b6c4ec9b5894d3addc6f5ae132b179e37066685ca000817d4cd713dd4502cdb8d44c0b867458772f1906c66abe568e98c8f82f98ac25
SSDEEP

6144:zxXw4qYQCgievf6jSDdkptzTyzHyNH3jumL0QCAps:VXpWQj0dkDAyNXKmL7bs

Score

1^/10

Malware Config

Signatures

Files

eca01633f754d5fe7c79345a2abeccab698983da8459f16cc51567a6a5a75384
.dll windows x86

81b631a4b99c368e24daaa1d0e6e34eb

Code Sign

39:82:8c:3b:ac:33:a6:7b:5d:f8:c2:7a:cb:cc:6d:59:c5:93:9a:05
Signer

Actual PE Digest

39:82:8c:3b:ac:33:a6:7b:5d:f8:c2:7a:cb:cc:6d:59:c5:93:9a:05

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01-01-0001 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetCommandLineA
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
CompareStringW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GetLocaleInfoA
InterlockedExchange
GlobalFlags
lstrcmpA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrlenA
GetCurrentProcessId
GetComputerNameA
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLongPathNameA
LoadLibraryExA
ResumeThread
SuspendThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
DeleteFileA
GetModuleFileNameA
GetTempPathA
Sleep
TerminateProcess
WaitForSingleObject
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetLogicalDriveStringsA
GetLastError
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
lstrcmpiA
GetVersionExA
GetModuleHandleA
GetProcAddress
CreateFileA
GetDriveTypeA
GetCurrentProcess
OutputDebugStringA
GetWindowsDirectoryA
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
LocalFree
InterlockedDecrement
WideCharToMultiByte
GetStartupInfoA
MultiByteToWideChar

user32

PostQuitMessage
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
DestroyMenu
LoadCursorA
GetSysColorBrush
UnregisterClassA
ValidateRect
ReleaseDC
GetDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsWindowEnabled
SetWindowTextA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
FindWindowA
EnumChildWindows
EnableWindow
SendMessageA
GetPropA
RemovePropA
GetFocus
IsWindow
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
GetClassNameA
GetWindowThreadProcessId
PostMessageA
RegisterWindowMessageA
LoadStringA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
GetClientRect
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic

gdi32

GetStockObject
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
DeleteObject
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

GetExplicitEntriesFromAclA
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegEnumKeyA
RegDeleteValueA
RegEnumValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
RegEnumKeyExA
LookupAccountNameA
ConvertSidToStringSidA
IsValidSid
LookupAccountSidA
GetTokenInformation
RegCloseKey
RegOpenKeyExA
OpenProcessToken
RegQueryValueExA

shell32

SHGetFolderPathW
SHGetFolderPathA
ShellExecuteA

shlwapi

SHGetValueA
PathRemoveFileSpecA
StrStrIA
PathFileExistsA
PathIsDirectoryA
StrToIntA
PathAppendA
PathFindFileNameA
PathFindExtensionA
PathAppendW

oleaut32

VariantChangeType
VariantInit
VariantClear

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

psapi

EnumProcesses
GetProcessImageFileNameA
GetModuleFileNameExA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

LoadUserProfileA
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock

netapi32

NetUserEnum
NetLocalGroupEnum
NetApiBufferFree
NetShareEnum

Exports

Exports

GetDllVersion
PauseCheck
StartCheck
StopCheck
StopCheckEx

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81b631a4b99c368e24daaa1d0e6e34eb

Code Sign

39:82:8c:3b:ac:33:a6:7b:5d:f8:c2:7a:cb:cc:6d:59:c5:93:9a:05Signer

Signature Validations

Verification

01-01-0001 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

wtsapi32

psapi

version

userenv

netapi32

Exports

Exports

Sections

.text Size: 245KB - Virtual size: 245KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 9KB - Virtual size: 38KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 35KB - Virtual size: 35KB

39:82:8c:3b:ac:33:a6:7b:5d:f8:c2:7a:cb:cc:6d:59:c5:93:9a:05
Signer

01-01-0001 00:00
Valid: false

.text
Size: 245KB - Virtual size: 245KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 9KB - Virtual size: 38KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 35KB - Virtual size: 35KB