a12815d048f687b0ed866b08815947be0df83ababdb0e92deb7797e305aab74e

Sharing

Copy URL Twitter E-mail

General

Target

a12815d048f687b0ed866b08815947be0df83ababdb0e92deb7797e305aab74e
Size

5.2MB
MD5

9c098012b17fcc95d8523175e9807adf
SHA1

b7d4d0df694437c512d57ceee1334650324969e6
SHA256

a12815d048f687b0ed866b08815947be0df83ababdb0e92deb7797e305aab74e
SHA512

1d40f96e2ae30156f0972d9b8dd0d984efce10e7be12cd046e8abc8f72829e0979987c1fd4eaaa83f59298fa57464bd88f279562548f085fa37bcec1a0fcdfea
SSDEEP

49152:5QIRNnpiI2qWI304y4gZVNoMs6vO3l6759WvoQLa1NQ+Ibz/:3p7WIk4y4cNoM06mLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a12815d048f687b0ed866b08815947be0df83ababdb0e92deb7797e305aab74e

Files

a12815d048f687b0ed866b08815947be0df83ababdb0e92deb7797e305aab74e
.dll windows x64

3fe14933326bdd5887b903b541c3e8e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLogicalDriveStringsA
FindNextFileA
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
ReleaseMutex
CreateMutexW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetCurrentThread
GetSystemInfo
SetThreadAffinityMask
GetDiskFreeSpaceExW
GetLogicalProcessorInformation
GetComputerNameA
CreatePipe
PeekNamedPipe
CreateProcessA
IsWow64Process
GlobalMemoryStatusEx
GlobalMemoryStatus
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualAlloc
VirtualFree
CreateFileA
VirtualProtectEx
GetEnvironmentVariableA
DeleteFileA
GetFileSizeEx
OpenProcess
MapViewOfFileEx
CreateFileMappingA
GetTickCount
GetFileInformationByHandle
CreateMutexA
OpenFileMappingA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RtlPcToFileHeader
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SetFilePointerEx
IsProcessorFeaturePresent
InitOnceBeginInitialize
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringEx
GetCPInfo
IsDebuggerPresent
SetStdHandle
FreeEnvironmentStringsW
ReadFile
QueryDosDeviceW
FindFirstFileA
FindClose
DeviceIoControl
VirtualQueryEx
GetSystemDirectoryW
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
SetLastError
TryEnterCriticalSection
EncodePointer
WideCharToMultiByte
GetCurrentProcess
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
FreeLibrary
LoadLibraryW
ResumeThread
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
QueryPerformanceFrequency
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
InitializeCriticalSection
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
Sleep
GetCurrentProcessId
GetProcessHeap
DeleteCriticalSection
WriteConsoleW
DecodePointer
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
ExitProcess
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OutputDebugStringW
GetLastError
GetConsoleMode
GetWindowsDirectoryA
MultiByteToWideChar
HeapSize
GetCurrentThreadId
CreateFileW
InitializeCriticalSectionEx
GetModuleFileNameW
WriteFile
GetStdHandle
HeapFree
GetModuleHandleExW
RtlUnwind

advapi32

CryptAcquireContextW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyW
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseEventLog
DeregisterEventSource
OpenEventLogW
RegisterEventSourceW
ReadEventLogW
ReportEventW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
CryptReleaseContext
RegSetValueExA
RegSaveKeyA
RegEnumKeyExA
RegCreateKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
SetEntriesInAclW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetProvParam
CryptDestroyKey
CryptGenKey
RegCloseKey

ole32

CoTaskMemFree
StringFromCLSID
CoInitializeEx
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

shell32

SHGetFolderPathAndSubDirW
SHGetSpecialFolderPathA
SHGetFolderPathA

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString

shlwapi

PathAppendA
PathAddBackslashW
StrRStrIW
PathCombineW
StrCmpIW
StrStrIW
StrStrIA
PathFileExistsA
PathIsSameRootA
PathCombineA
PathAddBackslashA
PathRemoveFileSpecA
SHGetValueW
PathFindFileNameA
PathRemoveFileSpecW
PathAppendW
SHEnumKeyExW
PathAddExtensionA

ws2_32

inet_addr
closesocket
connect
ioctlsocket
getsockopt
htons
select
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError
bind
ntohs
recvfrom
sendto
getaddrinfo
freeaddrinfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

iphlpapi

GetNetworkParams
IcmpCloseHandle
IcmpCreateFile
GetIpForwardTable
SendARP
GetAdaptersAddresses
GetAdaptersInfo
GetInterfaceInfo
GetIpAddrTable
GetIfTable
IcmpSendEcho
GetIfEntry

rasapi32

RasEnumConnectionsA

crypt32

CryptQueryObject
CertGetNameStringA
CertFreeCertificateContext
CertGetSubjectCertificateFromStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

rpcrt4

UuidFromStringA

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpCheckPlatform
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen

Exports

Exports

CreateObject
GetBugReport

Sections

.text
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fe14933326bdd5887b903b541c3e8e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

version

setupapi

iphlpapi

rasapi32

crypt32

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 769KB - Virtual size: 768KB

.rdata Size: 498KB - Virtual size: 498KB

.data Size: 22KB - Virtual size: 455KB

.pdata Size: 30KB - Virtual size: 30KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.tvm0 Size: 3.9MB - Virtual size: 3.9MB

.text
Size: 769KB - Virtual size: 768KB

.rdata
Size: 498KB - Virtual size: 498KB

.data
Size: 22KB - Virtual size: 455KB

.pdata
Size: 30KB - Virtual size: 30KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.tvm0
Size: 3.9MB - Virtual size: 3.9MB