856c460f5ea85197d9badff7f4d59d576fbaa92c5c5bc58c1c09100059c9e43c

Sharing

Copy URL Twitter E-mail

General

Target

856c460f5ea85197d9badff7f4d59d576fbaa92c5c5bc58c1c09100059c9e43c
Size

4.6MB
MD5

0124e656808427a8700352e393a1a8bf
SHA1

18b600438ec2e3fbf019d84221df136954be1c88
SHA256

856c460f5ea85197d9badff7f4d59d576fbaa92c5c5bc58c1c09100059c9e43c
SHA512

00b968028493f898f40b778e3bb0adda14fbacf3feedbea1d2c99ecfd28e96803a24b41fe37837ad3bd4f9c1efceb31e4a0f11d6ad0fa1344a27dfa2af84f69d
SSDEEP

98304:Cc7ky7v+AmyMLThQcLVSoq7A5ljjriN05/vcpuiFX48apDl/umxLs285:RkVLTKcxS9A5ljnK0ZvcpumK9l/u2Q2Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
856c460f5ea85197d9badff7f4d59d576fbaa92c5c5bc58c1c09100059c9e43c

Files

856c460f5ea85197d9badff7f4d59d576fbaa92c5c5bc58c1c09100059c9e43c
.dll windows x86

9f721f879fb1d1a9e54ba97a56f06d9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptDestroyKey
OpenEventLogW
ReadEventLogW
CloseEventLog
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptGetProvParam
GetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
CryptSetProvParam
RegEnumKeyA
RegQueryInfoKeyA
GetUserNameA
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSaveKeyA
RegEnumKeyExA

shlwapi

PathCombineW
StrCmpIW
PathIsSameRootA
StrStrIW
StrRStrIW
SHEnumKeyExW
PathCombineA
StrStrIA
PathFindFileNameA
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW
PathFileExistsA
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
SHGetValueW

ws2_32

getaddrinfo
freeaddrinfo
ioctlsocket
connect
ntohs
select
WSAStartup
socket
WSAGetLastError
inet_addr
WSACleanup
getsockopt
closesocket
htons
bind
sendto
recvfrom
setsockopt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
StringFromCLSID
CoInitializeEx
CoTaskMemFree
CoCreateGuid

shell32

SHGetFolderPathAndSubDirW
SHGetFolderPathA
SHGetSpecialFolderPathA

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

kernel32

RtlUnwind
GetACP
GetOEMCP
TlsAlloc
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
InterlockedFlushSList
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
ExitProcess
IsValidLocale
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetCommandLineA
ReadConsoleW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
FindFirstFileExW
OpenFileMappingA
GetFileInformationByHandle
VirtualProtectEx
VirtualQueryEx
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleA
TryEnterCriticalSection
InitializeCriticalSection
DeleteFileA
GetFileSizeEx
CreateFileA
GetEnvironmentVariableA
OpenProcess
LoadLibraryA
FindNextFileA
FileTimeToSystemTime
CreateThread
GlobalMemoryStatus
GetDiskFreeSpaceExW
GetComputerNameA
SetFilePointerEx
QueryDosDeviceW
DeviceIoControl
FindFirstFileA
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetWindowsDirectoryW
SetEndOfFile
SetFilePointer
SetFileTime
RemoveDirectoryW
FindClose
FindNextFileW
ReadFile
GetFileSize
GetModuleHandleExW
IsValidCodePage
FindFirstFileW
SetFileAttributesW
GetModuleHandleW
GetCurrentThread
PeekNamedPipe
CreateProcessA
CreatePipe
GetCurrentProcess
GetCurrentProcessId
GetConsoleMode
GetStdHandle
CreateFileW
GetFileAttributesW
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateMutexW
CreateEventW
Sleep
TerminateProcess
GetCurrentThreadId
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
VirtualAlloc
VirtualFree
CreateFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
QueueUserWorkItem
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalFree
SetThreadAffinityMask
CreateFileMappingA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLCID
GetUserDefaultLCID
EnumSystemLocalesW
DeleteCriticalSection
HeapSize
GetProcessHeap
WriteFile
OutputDebugStringW
WriteConsoleW
CreateDirectoryW

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString

rpcrt4

UuidFromStringA

iphlpapi

GetNetworkParams
GetIpForwardTable
GetIfEntry
GetAdaptersInfo
GetIfTable
GetIpAddrTable
SendARP
GetInterfaceInfo
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
GetAdaptersAddresses

rasapi32

RasEnumConnectionsA

crypt32

CryptQueryObject
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore
CryptMsgClose

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReadData
WinHttpConnect
WinHttpOpen
WinHttpCheckPlatform
WinHttpCloseHandle

Exports

Exports

CreateObject
GetBugReport

Sections

.text
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f721f879fb1d1a9e54ba97a56f06d9a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

version

ole32

shell32

setupapi

kernel32

oleaut32

rpcrt4

iphlpapi

rasapi32

crypt32

winhttp

Exports

Exports

Sections

.text Size: 729KB - Virtual size: 729KB

.rdata Size: 423KB - Virtual size: 423KB

.data Size: 15KB - Virtual size: 330KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 30KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 729KB - Virtual size: 729KB

.rdata
Size: 423KB - Virtual size: 423KB

.data
Size: 15KB - Virtual size: 330KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB