7fb465a1b3d3d3f74c4964a742764c754a125cfffe5539050a091b19f9501952

Sharing

Copy URL Twitter E-mail

General

Target

7fb465a1b3d3d3f74c4964a742764c754a125cfffe5539050a091b19f9501952
Size

3.5MB
MD5

9ef850a4ea11304b754a79b4d6f3e8d6
SHA1

5c0980f48af1553f4653f66fe809128910459849
SHA256

7fb465a1b3d3d3f74c4964a742764c754a125cfffe5539050a091b19f9501952
SHA512

7389fc3e0556874ec2ad6966867b88b6441e38af5087c647b1c215a3305d6ee2dc2b7d45a71495e8bee327e70d5d10c681f1b0ca68002bf12c78bacb995e56a3
SSDEEP

49152:APcXUCmk+Yr4y4VgUwpw1Dmxo2bKya2CTEbPGYHkTHAJi2No2Tv:htmk/4y4VApSipiax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fb465a1b3d3d3f74c4964a742764c754a125cfffe5539050a091b19f9501952

Files

7fb465a1b3d3d3f74c4964a742764c754a125cfffe5539050a091b19f9501952
.dll windows x64

dc4ce78a8cfd4d2704c189ac5cbb8e29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLogicalProcessorInformation
GetDiskFreeSpaceExW
GlobalMemoryStatus
GlobalMemoryStatusEx
CreateThread
SetEvent
CreateEventW
FreeLibrary
FileTimeToSystemTime
FindNextFileA
LoadLibraryA
OpenProcess
GetEnvironmentVariableA
CreateFileA
GetFileSizeEx
CreateFileMappingA
MapViewOfFileEx
DeleteFileA
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetModuleHandleA
GetSystemInfo
GetModuleFileNameA
QueryPerformanceFrequency
QueryPerformanceCounter
ResumeThread
LoadLibraryW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQueryEx
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualAlloc
VirtualFree
VirtualProtectEx
GetFileInformationByHandle
CreateMutexA
OpenFileMappingA
GetTickCount
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetSystemDirectoryW
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringEx
GetCPInfo
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetStdHandle
FreeEnvironmentStringsW
SetFilePointerEx
QueryDosDeviceW
DeviceIoControl
FindFirstFileA
GetWindowsDirectoryA
GetLogicalDriveStringsA
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
CreateFileMappingW
CreateMutexW
GetWindowsDirectoryW
SetEndOfFile
SetFilePointer
SetFileTime
Sleep
RemoveDirectoryW
FindClose
FindNextFileW
GetFileAttributesW
ReadFile
GetFileSize
FindFirstFileW
SetFileAttributesW
EncodePointer
GetModuleHandleW
LocalFree
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
PeekNamedPipe
CreateProcessA
CreatePipe
GetCurrentProcess
IsWow64Process
WaitForSingleObject
WideCharToMultiByte
GetCurrentProcessId
GetConsoleMode
GetStdHandle
CreateDirectoryW
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
ExitProcess
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
WriteFile
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetComputerNameA
GetCurrentThreadId
GetModuleFileNameW
CreateFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetLastError
RaiseException
MultiByteToWideChar
IsProcessorFeaturePresent
RtlUnwind

advapi32

RegisterEventSourceW
SetSecurityDescriptorDacl
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptDestroyKey
OpenEventLogW
ReadEventLogW
CloseEventLog
ReportEventW
DeregisterEventSource
CryptGetProvParam
GetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegSaveKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegOpenKeyExW
GetUserNameA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
CryptSetProvParam
InitializeSecurityDescriptor

ole32

CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromCLSID
CoUninitialize

shell32

SHGetFolderPathAndSubDirW
SHGetSpecialFolderPathA
SHGetFolderPathA

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
VariantClear
VariantInit
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathAddBackslashA
PathAppendW
StrStrIA
PathAddExtensionA
SHGetValueW
SHEnumKeyExW
StrRStrIW
StrStrIW
PathIsSameRootA
StrCmpIW
PathCombineW
PathCombineA
PathAppendA
PathFileExistsA
PathFindFileNameA
PathAddBackslashW

rpcrt4

UuidFromStringA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

iphlpapi

IcmpCloseHandle
IcmpCreateFile
GetInterfaceInfo
SendARP
GetIpAddrTable
GetIfTable
GetAdaptersInfo
GetIfEntry
GetIpForwardTable
GetAdaptersAddresses
IcmpSendEcho
GetNetworkParams

ws2_32

WSAGetLastError
setsockopt
WSAStartup
socket
htons
bind
sendto
ntohs
getsockopt
select
connect
ioctlsocket
closesocket
recvfrom
WSACleanup
inet_addr
getaddrinfo
freeaddrinfo

rasapi32

RasEnumConnectionsA

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringA
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptQueryObject

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpCheckPlatform
WinHttpConnect
WinHttpQueryHeaders

Exports

Exports

CreateObject
GetBugReport

Sections

.text
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc4ce78a8cfd4d2704c189ac5cbb8e29

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

oleaut32

shlwapi

rpcrt4

version

setupapi

iphlpapi

ws2_32

rasapi32

crypt32

winhttp

Exports

Exports

Sections

.text Size: 771KB - Virtual size: 770KB

.rdata Size: 466KB - Virtual size: 465KB

.data Size: 18KB - Virtual size: 451KB

.pdata Size: 30KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.tvm0 Size: 4.2MB - Virtual size: 4.2MB

.text
Size: 771KB - Virtual size: 770KB

.rdata
Size: 466KB - Virtual size: 465KB

.data
Size: 18KB - Virtual size: 451KB

.pdata
Size: 30KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.tvm0
Size: 4.2MB - Virtual size: 4.2MB