669cadd76a5e957d09ca3c0adc000875a0a56f4e5c754e7959ceca05d3111a51

Sharing

Copy URL Twitter E-mail

General

Target

669cadd76a5e957d09ca3c0adc000875a0a56f4e5c754e7959ceca05d3111a51
Size

888KB
MD5

6d0950d018fba153be6ddc469093cdf2
SHA1

97c2b28a80de1fc2cd806bdc60530f60916dbb38
SHA256

669cadd76a5e957d09ca3c0adc000875a0a56f4e5c754e7959ceca05d3111a51
SHA512

3d5fdbfe95338b6d60536454b9abcad515454f9f6ca3676fae1cf6d58e0d3d1ccdb008e03bad143bfbaac75d070a43b0d7691ae33944d6b001bc334d1b1c737d
SSDEEP

24576:hN1VYgL/obw5Jhvm3hrkp2N3KNsOIfKPAxDbTpuy:hN1igL/obWOdN3KbsDbTpuy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
669cadd76a5e957d09ca3c0adc000875a0a56f4e5c754e7959ceca05d3111a51

Files

669cadd76a5e957d09ca3c0adc000875a0a56f4e5c754e7959ceca05d3111a51
.dll windows x86

aaf7cc8014ac893100611208db157608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReleaseMutex
GetFileSizeEx
LoadLibraryW
FreeLibrary
GetCurrentProcess
GetModuleHandleW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Process32NextW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetFullPathNameW
TerminateThread
CreateThread
FindClose
GetVersionExW
FlushFileBuffers
LocalAlloc
CreateFileA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
CreateProcessW
ProcessIdToSessionId
GetUserDefaultLangID
FileTimeToLocalFileTime
DeleteFileA
TryEnterCriticalSection
InterlockedExchange
LoadLibraryA
GetVersionExA
GetFileAttributesA
GetTempPathA
GetTempPathW
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
ExitThread
FormatMessageA
SetLastError
SetFilePointer
GetLocalTime
SetEndOfFile
GetCurrentProcessId
GetTickCount
InterlockedCompareExchange
CreateMutexW
WaitForSingleObject
GetFileSize
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
CreateEventW
OpenProcess
WideCharToMultiByte
GetModuleFileNameW
CloseHandle
ReadFile
CreateFileW
CreateDirectoryW
GetFileAttributesW
GetPrivateProfileStringW
FindResourceExW
DeleteFileW
LoadResource
LockResource
SizeofResource
FindResourceW
LocalFree
GetLastError
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
GetProcAddress
lstrlenW
Sleep
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
CompareStringW
CompareStringA
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
RtlUnwind
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
RaiseException
HeapSize
HeapDestroy
GetModuleHandleA

user32

UnregisterClassA
CharLowerA
wsprintfW

advapi32

CryptDestroyKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
OpenSCManagerW
OpenProcessToken
ConvertSidToStringSidW
RegQueryValueExW
CloseServiceHandle
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW

shell32

ShellExecuteW
ShellExecuteExW

ole32

CLSIDFromString
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoGetObject
StringFromGUID2
CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathAppendW
PathRemoveArgsW
PathParseIconLocationW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathFileExistsA
StrToIntW
PathMakePrettyW
PathCanonicalizeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSACleanup
getaddrinfo
closesocket
WSASetEvent
WSACreateEvent
WSARecv
freeaddrinfo
WSAGetOverlappedResult
WSASend
WSAStartup
ioctlsocket
select
__WSAFDIsSet
socket
connect
WSACloseEvent
setsockopt
getpeername
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSAEventSelect
WSASetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt

crypt32

CertNameToStrW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
RunApp
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaf7cc8014ac893100611208db157608

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

ws2_32

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: 740KB - Virtual size: 739KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 32KB