fil128B53456863CFA87ABF3FB7A10FFBAC

Sharing

Copy URL Twitter E-mail

General

Target

fil128B53456863CFA87ABF3FB7A10FFBAC
Size

74.9MB
MD5

49783cd9e8554a5bb7518b5212ee64ca
SHA1

d906013d06223f1c782e6b738e279caefa221754
SHA256

983bb14813a75741bec2e8c83fbd5525c035273ba0016bface1755b260458783
SHA512

72d0e65101015f8bc15bd7a49ec78b9966b9ef49afb71301c306236fde506966e30441669672581fbdf1be9c3eef8bda18056c396c51053fa89332bba4abf62b
SSDEEP

786432:uoF7JoT0F/JRiNI8eRA9AkPMWuAX2jY/g/coAa6c:u07JoT0F/JRCInRUAkKjY/L9c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fil128B53456863CFA87ABF3FB7A10FFBAC

Files

fil128B53456863CFA87ABF3FB7A10FFBAC
.dll windows x64

3a74ccc9f48473580c1f0d82da99ba99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegOpenKeyExA
RegGetValueW
RegEnumKeyExA
RegQueryValueExW

kernel32

LockResource
SizeofResource
FindResourceA
CloseHandle
RaiseException
WaitForSingleObject
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetFileType
WriteConsoleW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetVolumePathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
DuplicateHandle
GetLastError
SetLastError
Sleep
GetCurrentProcess
GetSystemInfo
GetSystemTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
GetModuleHandleExA
GetModuleFileNameW
MoveFileExW
CreateHardLinkW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetCommandLineW
FindFirstFileW
GetLongPathNameW
SetErrorMode
GetProcessTimes
GetNativeSystemInfo
GetModuleHandleW
GetProcAddress
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
SetConsoleMode
SearchPathW
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalFree
FormatMessageA
RtlCaptureContext
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThread
LoadLibraryW
SetConsoleCtrlHandler
FreeLibrary
K32EnumProcessModulesEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualProtect
LoadLibraryExA
RtlCaptureStackBackTrace
HeapSize
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
LoadResource
UnmapViewOfFile
FormatMessageW
RtlPcToFileHeader
EncodePointer
DecodePointer
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
RtlUnwindEx
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
ResumeThread
GetModuleHandleExW
SetStdHandle
SetFilePointerEx
ExitProcess
SetEndOfFile
HeapValidate
HeapWalk
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameA
WriteFile
GetConsoleCP
ReadFile
ReadConsoleW
OutputDebugStringA
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleaut32

SetErrorInfo
VariantChangeType
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
CreateErrorInfo
VariantInit

Exports

Exports

CheckCompileOptions
Compile

Sections

.text
Size: 55.6MB - Virtual size: 55.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1003KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a74ccc9f48473580c1f0d82da99ba99

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

version

oleaut32

Exports

Exports

Sections

.text Size: 55.6MB - Virtual size: 55.6MB

.rdata Size: 12.4MB - Virtual size: 12.4MB

.data Size: 254KB - Virtual size: 480KB

.pdata Size: 2.4MB - Virtual size: 2.4MB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 1KB - Virtual size: 1KB

.gfids Size: 850KB - Virtual size: 850KB

.00cfg Size: 512B - Virtual size: 319B

.tls Size: 1024B - Virtual size: 777B

.rsrc Size: 1003KB - Virtual size: 1002KB

.reloc Size: 515KB - Virtual size: 515KB

.text
Size: 55.6MB - Virtual size: 55.6MB

.rdata
Size: 12.4MB - Virtual size: 12.4MB

.data
Size: 254KB - Virtual size: 480KB

.pdata
Size: 2.4MB - Virtual size: 2.4MB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 1KB - Virtual size: 1KB

.gfids
Size: 850KB - Virtual size: 850KB

.00cfg
Size: 512B - Virtual size: 319B

.tls
Size: 1024B - Virtual size: 777B

.rsrc
Size: 1003KB - Virtual size: 1002KB

.reloc
Size: 515KB - Virtual size: 515KB