966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e

Sharing

Copy URL Twitter E-mail

General

Target

966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e
Size

840KB
MD5

c69f8ea725cebd43aeb76d8d1bac9645
SHA1

f3a605337ae57ffbc0144097d396d2d664ecba99
SHA256

966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e
SHA512

c1e08c9854bca7bc8ffbd4b82e3e49e3525212a62f1c078cb7bf20b8aece4348e446ea8ddc5ce9b92616aa2cc818dced5ec614a38e1c74aa760f1e67943c2329
SSDEEP

24576:F0PnNlB9nGEVNXQXOmQFfKqk/Kbdl9qe+60hTS09:F0PnNlB9nGw9QXOdyqEE6ZThTJ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e

Files

966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e
.dll windows x86

d395ef317110f3559e0ad0ed5b6c742d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid

ws2_32

getsockopt
shutdown
WSAStartup
recv
listen
getpeername
inet_addr
getaddrinfo
inet_ntoa
freeaddrinfo
WSAGetLastError
accept
bind
send
getsockname
ntohs
htons
closesocket
ioctlsocket
socket
connect
setsockopt
__WSAFDIsSet
select
WSACleanup

advapi32

RegCloseKey
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegSaveKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
EqualSid
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
ImpersonateLoggedOnUser
OpenProcessToken
EnumServicesStatusExW
CheckTokenMembership
CreateProcessAsUserW
RegQueryInfoKeyW
DuplicateTokenEx
GetTokenInformation
SetSecurityDescriptorDacl
GetUserNameW
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
FreeSid

shell32

SHGetFolderPathW
SHFileOperationW
SHGetFileInfoW

user32

GetWindowThreadProcessId
FindWindowExW
GetSystemMetrics
SetThreadDesktop
CloseDesktop
OpenDesktopW
MessageBoxA
OpenInputDesktop
FindWindowW
LookupIconIdFromDirectoryEx
GetUserObjectInformationW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSQueryUserToken

psapi

GetModuleBaseNameW
GetModuleFileNameExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW

shlwapi

StrStrIW
StrStrW
wnsprintfW

kernel32

GetTimeFormatW
GetDateFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetStdHandle
GetFileType
GetModuleFileNameW
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
GetTimeZoneInformation
GetConsoleMode
ExitProcess
TlsFree
ReadConsoleW
TlsSetValue
GetConsoleCP
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
FindFirstFileExA
FindFirstFileExW
SetLastError
FindNextFileA
RaiseException
IsValidCodePage
InterlockedFlushSList
GetOEMCP
GetCPInfo
GetCommandLineA
InterlockedPushEntrySList
EncodePointer
IsDebuggerPresent
InitializeSListHead
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
SetStdHandle
WriteConsoleW
HeapSize
OutputDebugStringW
WaitForSingleObjectEx
GetCurrentThread
ResetEvent
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringA
CompareStringW
HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
CloseHandle
OpenMutexW
GetModuleHandleW
VirtualFree
GetCurrentProcess
WriteFile
TerminateProcess
CreateNamedPipeW
CreateEventW
Sleep
GetExitCodeThread
SetEvent
CreateThread
WaitForMultipleObjects
VirtualAlloc
ReadFile
GetFileSizeEx
CreateFileW
SetFilePointerEx
InterlockedDecrement
GetModuleHandleA
GetNativeSystemInfo
GetProcAddress
TryEnterCriticalSection
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
ExitThread
DecodePointer
DeleteCriticalSection
CreateSemaphoreW
InterlockedIncrement
OutputDebugStringA
GetCurrentThreadId
GetLocalTime
CreateDirectoryW
GetSystemDirectoryW
lstrcpynA
GetCurrentProcessId
WideCharToMultiByte
HeapReAlloc
SizeofResource
FindFirstFileW
FindNextFileW
SetFileTime
EnumResourceNamesW
FindClose
LocalAlloc
GetFileAttributesW
GetLastError
LockResource
LoadResource
FindResourceW
LocalFree
MoveFileExW
FreeLibrary
MoveFileW
GetFileTime
LoadLibraryExW
GetStartupInfoW
WriteProcessMemory
SetHandleInformation
ExpandEnvironmentStringsW
GetProcessId
CreatePipe
PeekNamedPipe
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LoadLibraryW
Module32FirstW
VirtualAllocEx
ReadProcessMemory
CreateProcessW
Module32NextW
VirtualFreeEx
lstrcmpiW
GetExitCodeProcess
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetFileSize
GetVolumeInformationW
lstrlenW
DeviceIoControl
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetComputerNameA
SetFilePointer
SetEndOfFile
CreateFileA
FlushFileBuffers
GetTempPathW
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar

Sections

.text
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d395ef317110f3559e0ad0ed5b6c742d

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ws2_32

advapi32

shell32

user32

wtsapi32

psapi

userenv

shlwapi

kernel32

Sections

.text Size: 706KB - Virtual size: 706KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 1024B - Virtual size: 560B

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 706KB - Virtual size: 706KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 1024B - Virtual size: 560B

.reloc
Size: 24KB - Virtual size: 23KB