cf6d28d074da70f2d10cd0f251e0cab92e7d2b3ec19780039e08007c3fd49182

Sharing

Copy URL Twitter E-mail

General

Target

cf6d28d074da70f2d10cd0f251e0cab92e7d2b3ec19780039e08007c3fd49182
Size

172KB
MD5

d3a40aca4a0dad6d134bb2e75117fa0e
SHA1

27f9716f4b63bf0eb53114f648da23fd9da17684
SHA256

cf6d28d074da70f2d10cd0f251e0cab92e7d2b3ec19780039e08007c3fd49182
SHA512

2ef2d7a75d3612f4568fa2b6a2c1d16c46071ecf122715b358c3363807af237ada1fc2c50eca7727a3b976d91139e40f70969027c1fed55f76ff33a87b45a6ed
SSDEEP

3072:fsJkqtfRRBCxzF4HKPHJddCs/gtl9C9nbCu64aaDU:CAxzF6KhddCFtlgnbC4pD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf6d28d074da70f2d10cd0f251e0cab92e7d2b3ec19780039e08007c3fd49182

Files

cf6d28d074da70f2d10cd0f251e0cab92e7d2b3ec19780039e08007c3fd49182
.dll windows x86

705ef993fb8cbb1ea765613dcc84ee5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
FlushFileBuffers
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
GetCurrentProcessId
TerminateProcess
MultiByteToWideChar
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
GetVersionExW
lstrcmpiA
GetSystemTimeAsFileTime
ReadFile
WriteFile
GetModuleHandleW
Sleep
GetSystemDirectoryW
GetCurrentThreadId
GetLastError
GetCurrentProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedDecrement
OpenEventW
SetEvent
CreateThread
CloseHandle
WaitForSingleObject
CreateEventW
GetModuleFileNameW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
HeapSize
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeA
EnumSystemLocalesA
HeapReAlloc
HeapDestroy
HeapCreate
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
SetHandleCount

advapi32

RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx
CoInitializeSecurity

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllDoFun
DllGetClassObject
DllRegister
DllUnRegister

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

705ef993fb8cbb1ea765613dcc84ee5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB