12089d56d140219121cedaf372a654e41018a8eaf19acbe35781fa0a4d3b837c

Sharing

Copy URL Twitter E-mail

General

Target

12089d56d140219121cedaf372a654e41018a8eaf19acbe35781fa0a4d3b837c
Size

523KB
MD5

c08a1b658575eadcd969386cdf26bc90
SHA1

752e20997b0d8c73fb48b67e7227fed9156df9fa
SHA256

12089d56d140219121cedaf372a654e41018a8eaf19acbe35781fa0a4d3b837c
SHA512

3e9d20f867f19b21bcd5a02c7f45a518645d2518fbd4fe53b5bfa609e536183af0fdbdacc598aad6fb82a383be436e61a5a3e3e8fe4dd094cc022a2f2cd38043
SSDEEP

12288:p7VYNlWcxaBo2bTrMCH7VYNlWcxaBo2bTrMc:lVYmcxaBRTrMCbVYmcxaBRTrMc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12089d56d140219121cedaf372a654e41018a8eaf19acbe35781fa0a4d3b837c

Files

12089d56d140219121cedaf372a654e41018a8eaf19acbe35781fa0a4d3b837c
.dll windows x86

1658b30ab68f635cd08d10d7497cb6ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
lstrcpyW
ExitProcess
GetDriveTypeW
FreeLibrary
CreateProcessW
HeapAlloc
InterlockedDecrement
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
GetProcessHeap
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
CreateFileW
lstrcmpW
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetLocalTime
Process32FirstW
GlobalMemoryStatusEx
GetSystemInfo
CreateEventW
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
GetCurrentProcessId
LoadLibraryExW
CreateDirectoryW
WriteFile
CopyFileW
GetFileAttributesW
InterlockedExchange
DeleteFileW
ExpandEnvironmentStringsW
GetNativeSystemInfo
IsBadReadPtr
SetLastError
LoadLibraryA
VirtualProtect
CreateThread
LocalFree
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
ResetEvent
lstrlenW
QueryPerformanceCounter
CloseHandle
GetLastError
FormatMessageW
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
Process32NextW
VirtualFree
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetEndOfFile
RtlUnwind
GetCommandLineA
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
lstrlenA
UnmapViewOfFile
SwitchToThread
CreateFileMappingW
MapViewOfFileEx
GetFileSize
InterlockedIncrement
HeapDestroy
HeapCreate
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedCompareExchange

user32

GetMonitorInfoW
PeekMessageW
SendMessageW
GetLastInputInfo
GetWindowTextW
GetForegroundWindow
EnumDisplayMonitors
IsWindow
MsgWaitForMultipleObjects
wsprintfW
DispatchMessageW
TranslateMessage

advapi32

RegDeleteValueW
RegCreateKeyW
RegCloseKey
CheckTokenMembership
GetCurrentHwProfileW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegSetValueExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocString

ws2_32

send
setsockopt
WSAIoctl
htons
ntohs
WSAGetLastError
gethostname
inet_ntoa
gethostbyname
shutdown
WSAStringToAddressW
WSASetLastError
WSAAddressToStringW
getsockname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
closesocket

shlwapi

StrChrW
StrPBrkW

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

Exports

Exports

Version
update

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1658b30ab68f635cd08d10d7497cb6ef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 9KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 9KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 21KB