c295e749af14d243e8f73a3685256a8507925e4d0042343cdc08072c8830d1ba

Sharing

Copy URL Twitter E-mail

General

Target

c295e749af14d243e8f73a3685256a8507925e4d0042343cdc08072c8830d1ba
Size

288KB
MD5

ec6081d4c7e137e766f52d057cc4757a
SHA1

964639c274792e345a382c05c26d112373e92899
SHA256

c295e749af14d243e8f73a3685256a8507925e4d0042343cdc08072c8830d1ba
SHA512

06643b3227f9886614d0676e7ac239b8f14bf61a9dc2e096b8b82b2cd6ccf76095b931d0dcd3922dc53f0b7fd933a7f1ca1794b1e90379143f6cc6ffeefb9b11
SSDEEP

6144:677xfptN0d60mGlWZxZsGJjeTBJDw2jy:UDa6ElWZxZsGZeTr8v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c295e749af14d243e8f73a3685256a8507925e4d0042343cdc08072c8830d1ba

Files

c295e749af14d243e8f73a3685256a8507925e4d0042343cdc08072c8830d1ba
.dll windows x86

1658b30ab68f635cd08d10d7497cb6ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
lstrcpyW
ExitProcess
GetDriveTypeW
FreeLibrary
CreateProcessW
HeapAlloc
InterlockedDecrement
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
GetProcessHeap
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
CreateFileW
lstrcmpW
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetLocalTime
Process32FirstW
GlobalMemoryStatusEx
GetSystemInfo
CreateEventW
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
GetCurrentProcessId
LoadLibraryExW
CreateDirectoryW
WriteFile
CopyFileW
GetFileAttributesW
InterlockedExchange
DeleteFileW
ExpandEnvironmentStringsW
GetNativeSystemInfo
IsBadReadPtr
SetLastError
LoadLibraryA
VirtualProtect
CreateThread
LocalFree
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
ResetEvent
lstrlenW
QueryPerformanceCounter
CloseHandle
GetLastError
FormatMessageW
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
Process32NextW
VirtualFree
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetEndOfFile
RtlUnwind
GetCommandLineA
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
lstrlenA
UnmapViewOfFile
SwitchToThread
CreateFileMappingW
MapViewOfFileEx
GetFileSize
InterlockedIncrement
HeapDestroy
HeapCreate
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedCompareExchange

user32

GetMonitorInfoW
PeekMessageW
SendMessageW
GetLastInputInfo
GetWindowTextW
GetForegroundWindow
EnumDisplayMonitors
IsWindow
MsgWaitForMultipleObjects
wsprintfW
DispatchMessageW
TranslateMessage

advapi32

RegDeleteValueW
RegCreateKeyW
RegCloseKey
CheckTokenMembership
GetCurrentHwProfileW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegSetValueExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocString

ws2_32

send
setsockopt
WSAIoctl
htons
ntohs
WSAGetLastError
gethostname
inet_ntoa
gethostbyname
shutdown
WSAStringToAddressW
WSASetLastError
WSAAddressToStringW
getsockname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
closesocket

shlwapi

StrChrW
StrPBrkW

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

Exports

Exports

Version
update

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1658b30ab68f635cd08d10d7497cb6ef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 24KB - Virtual size: 24KB