9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1

Sharing

Copy URL

Twitter E-mail

General

Target

9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1
Size

392KB
MD5

e1129f2486fc4920a233d54002e2a45f
SHA1

84990f7eb25b8cc496af6da002571fc9c233e8a5
SHA256

9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1
SHA512

28f0e94e8edabf1d61ac70ae6f1f07a88b5048b3f0476def3e494020777449c61702cc86da8d151a4c22562312b0fe591095e4e754e54c938d079b134f71f4f1
SSDEEP

6144:kjdnRFtAFltU6XbQY0cZAJaHCXeYCrEhMRr+xHBgq4+:wdRXmtpXbQYbZAJY0eYCrB4HBd4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1

Files

9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1
.dll windows x86

2b4e5969fa84547987f5e0cf94ca707b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

GetPwrCapabilities

gdi32

GetViewportOrgEx
PatBlt
GetPixelFormat
ExtCreatePen
CreatePalette

wininet

UnlockUrlCacheEntryFile

rpcrt4

RpcEpResolveBinding
NdrSimpleStructMarshall
NdrCorrelationInitialize

shlwapi

SHRegEnumUSKeyW
PathCompactPathExW

winmm

mixerMessage
midiInGetDevCapsA

comdlg32

CommDlgExtendedError

psapi

EnumProcessModules

ws2_32

getprotobyname

clusapi

ClusterRegEnumValue

wintrust

CryptCATCDFEnumAttributes

urlmon

MkParseDisplayNameEx
IsAsyncMoniker

kernel32

GetFileSize
GetThreadLocale
ReleaseSemaphore
SetUserGeoID
FindVolumeMountPointClose
SetLastError
SetFilePointer
LoadLibraryW
GetUserDefaultLangID
GetModuleFileNameA
GetModuleFileNameW
Module32Next
SwitchToFiber
GetCurrentProcess
GetOEMCP
GetVersion
WaitForSingleObjectEx
OpenJobObjectW
GetVolumeInformationW
FindAtomA
DeleteCriticalSection
VirtualFree
GetSystemTimeAsFileTime
GetExitCodeProcess
DeleteFileW
MultiByteToWideChar

ole32

STGMEDIUM_UserUnmarshal
CoDisconnectObject

advapi32

RegCloseKey
CryptReleaseContext

user32

OpenClipboard
DefWindowProcA
OemKeyScan
DefMDIChildProcW
GetMenuItemInfoA
GetAncestor
ScreenToClient
GetMessageTime

msvcrt

tolower
free
fgets

iphlpapi

GetPerAdapterInfo

oleaut32

SysAllocStringLen

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b4e5969fa84547987f5e0cf94ca707b

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

gdi32

wininet

rpcrt4

shlwapi

winmm

comdlg32

psapi

ws2_32

clusapi

wintrust

urlmon

kernel32

ole32

advapi32

user32

msvcrt

iphlpapi

oleaut32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB