30f894a2bfc27f1759601c3286f2d52b34d38a53d35a7fb331e811e76099a799

Sharing

Copy URL Twitter E-mail

General

Target

30f894a2bfc27f1759601c3286f2d52b34d38a53d35a7fb331e811e76099a799
Size

502KB
MD5

fef283f07de69c98bc6595e488c78b73
SHA1

4cff005cbce9966bf1122f90b7750faa63e5a8a2
SHA256

30f894a2bfc27f1759601c3286f2d52b34d38a53d35a7fb331e811e76099a799
SHA512

99df0c63781e1bf1e491f75599ce8bf210d49ba96b613330864266b23e0ba0476fccee10c6c592daa08cdfb904067a3840f9521447ac640be7f12a8645de268a
SSDEEP

12288:Rm/cP5rgYE5MQb1/oE7lcqgqghdXq5J70MzENstPhet9uO7+bMjm:FwZR/pgQ0CPhUuMjm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f894a2bfc27f1759601c3286f2d52b34d38a53d35a7fb331e811e76099a799

Files

30f894a2bfc27f1759601c3286f2d52b34d38a53d35a7fb331e811e76099a799
.dll windows x86

c7d999036837e2c7fc9a4504679098de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
GetVersionExW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
InitializeCriticalSection
CreateEventW
SetFilePointer
GetLocalTime
OpenEventW
VirtualProtect
LoadLibraryA
OutputDebugStringA
CreateThread
InterlockedDecrement
IsBadReadPtr
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
VirtualFree
VirtualAlloc
FindFirstFileW
CreateDirectoryW
SetEndOfFile
ReadFile
GetFileSizeEx
WriteFile
GetModuleHandleW
CreateFileW
GetSystemDirectoryW
GetModuleFileNameW
Sleep
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VerifyVersionInfoA
CreateFileA
VerSetConditionMask
SetLastError
SleepEx
FormatMessageA
PeekNamedPipe
GetCurrentDirectoryA
GetFullPathNameA
SetStdHandle
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapSize
GetOEMCP
GetACP
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CloseHandle
GetLastError
GetCurrentProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
CompareStringW
CompareStringA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCommandLineA
ExitProcess
HeapReAlloc
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindNextFileW
FindClose
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
InterlockedIncrement

advapi32

CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptImportKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

ws2_32

accept
listen
getpeername
ioctlsocket
getsockname
WSAIoctl
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
freeaddrinfo
inet_ntoa
gethostbyname
getaddrinfo
ntohl
htonl
ntohs
connect
recv
send
shutdown
bind
htons
inet_addr
setsockopt
socket
recvfrom
sendto
closesocket
gethostname
getsockopt

wldap32

ord46
ord41
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllDoFun
DllGetClassObject
DllRegister
DllUnRegister

Sections

.text
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7d999036837e2c7fc9a4504679098de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

ws2_32

wldap32

shlwapi

Exports

Exports

Sections

.text Size: 401KB - Virtual size: 400KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 401KB - Virtual size: 400KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB