692b2f5920a60b9bb241891dbbae5b7e3f42f4403fd1f30ca63ecc000fbc8037

Sharing

Copy URL

Twitter E-mail

General

Target

692b2f5920a60b9bb241891dbbae5b7e3f42f4403fd1f30ca63ecc000fbc8037
Size

593KB
MD5

d0b7449b1c07fa9edb9cd1cf8ea670e1
SHA1

541179506caafc21ec4c68746a200daa5756bdf0
SHA256

692b2f5920a60b9bb241891dbbae5b7e3f42f4403fd1f30ca63ecc000fbc8037
SHA512

9faefc892fe836526700e7c6e7a73629dde219085036f1a1384288315bc0dc15bddb7efa5659d8a52e43685c6cb3fde2b03df77b5f409f905079e59d1b5cde74
SSDEEP

12288:ScoCLUBodTUY4B5DahkfD+OQgCXaK0CJDhQuu7EGP:Sc1QqdTUY4B5WmD+TXaeF4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
692b2f5920a60b9bb241891dbbae5b7e3f42f4403fd1f30ca63ecc000fbc8037

Files

692b2f5920a60b9bb241891dbbae5b7e3f42f4403fd1f30ca63ecc000fbc8037
.dll windows x64

46870c5f0c9f7c636c4556c86f564b4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushFileBuffers
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
GetCurrentProcessId
TerminateProcess
MultiByteToWideChar
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
lstrcmpiA
VirtualAlloc
CreateDirectoryW
SetEndOfFile
ReadFile
GetFileSizeEx
WriteFile
GetModuleHandleW
CreateFileW
Sleep
GetCurrentThreadId
GetLastError
GetCurrentProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
FindNextFileW
FindClose
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
SleepEx
VerSetConditionMask
VerifyVersionInfoA
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapDestroy
HeapCreate
HeapSetInformation
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
FlsAlloc
SetLastError
FlsFree
FlsGetValue
DecodePointer
EncodePointer
FindFirstFileW
OpenEventW
SetEvent
CreateThread
CloseHandle
WaitForSingleObject
CreateEventW
ExitThread
CompareStringW
CompareStringA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetModuleFileNameW
GetLocalTime
GetSystemDirectoryW
SetUnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
VirtualProtect
GetModuleHandleA
LoadLibraryA
UnhandledExceptionFilter

advapi32

CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
CryptImportKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

ws2_32

closesocket
freeaddrinfo
inet_ntoa
gethostbyname
getaddrinfo
ntohl
htons
htonl
WSAStartup
WSACleanup
sendto
recvfrom
socket
inet_addr
bind
shutdown
send
recv
connect
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
WSAIoctl
getsockname
getsockopt
getpeername
accept
listen
ioctlsocket
gethostname
setsockopt
ntohs

wldap32

ord26
ord35
ord211
ord30
ord200
ord27
ord50
ord41
ord301
ord33
ord60
ord79
ord22
ord143
ord32
ord46

shell32

SHGetSpecialFolderPathW

Exports

Exports

DllCanUnloadNow
DllDoFun
DllGetClassObject
DllRegister
DllUnRegister

Sections

.text
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46870c5f0c9f7c636c4556c86f564b4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

ws2_32

wldap32

shell32

Exports

Exports

Sections

.text Size: 453KB - Virtual size: 452KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 453KB - Virtual size: 452KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB