16149dadd27f14ff5dadd701b5e16d79cc22158e148ec2181d8a03fc3a1264e9

Sharing

Copy URL Twitter E-mail

General

Target

16149dadd27f14ff5dadd701b5e16d79cc22158e148ec2181d8a03fc3a1264e9
Size

627KB
MD5

e4e8ff74a1fbbe67aa7d6241e00f55d6
SHA1

be808a9c21b4fa0570702ded80a8027ccd211422
SHA256

16149dadd27f14ff5dadd701b5e16d79cc22158e148ec2181d8a03fc3a1264e9
SHA512

98a652a1b9b03e277beb7e91973091bd00cf490c30a515c4249da979b0f45f239987aeda414aec7828563bb15e8c38724339a961884d2ad9aef880773e36cd77
SSDEEP

12288:om+hzRMt9LzGLc/UujNSAMGQHfZxXZdz7CHw4z/9XlO7uO7QVIEszja:om+h9uh8gozB4b9XlO4IEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16149dadd27f14ff5dadd701b5e16d79cc22158e148ec2181d8a03fc3a1264e9

Files

16149dadd27f14ff5dadd701b5e16d79cc22158e148ec2181d8a03fc3a1264e9
.dll windows x86

0e68ffc3f38d1c39e9dcb5bc1bee47e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
InitializeCriticalSection
CreateEventW
VirtualProtect
GetModuleHandleA
LoadLibraryA
SetFilePointer
GetLocalTime
OpenEventW
CreateThread
InterlockedDecrement
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
VirtualFree
VirtualAlloc
FindFirstFileW
CreateDirectoryW
SetEndOfFile
ReadFile
GetFileSizeEx
WriteFile
GetModuleHandleW
CreateFileW
GetSystemDirectoryW
GetModuleFileNameW
Sleep
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetCurrentDirectoryA
VerifyVersionInfoA
VerSetConditionMask
SetLastError
SleepEx
FormatMessageA
GetFullPathNameA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapSize
GetOEMCP
GetACP
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
HeapReAlloc
CompareStringW
CompareStringA
CloseHandle
GetLastError
GetCurrentProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCommandLineA
ExitProcess
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FindNextFileW
FindClose
InterlockedIncrement

advapi32

CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptImportKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

ws2_32

getsockname
WSAIoctl
select
getsockopt
__WSAFDIsSet
getpeername
WSACleanup
freeaddrinfo
inet_ntoa
gethostbyname
getaddrinfo
ntohl
htonl
ntohs
connect
recv
send
shutdown
bind
htons
inet_addr
setsockopt
socket
recvfrom
sendto
closesocket
accept
listen
ioctlsocket
gethostname
WSAStartup
WSAGetLastError
WSASetLastError

wldap32

ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord22
ord211

Exports

Exports

DllCanUnloadNow
DllDoFun
DllGetClassObject
DllRegister
DllUnRegister

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e68ffc3f38d1c39e9dcb5bc1bee47e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 508KB - Virtual size: 508KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 508KB - Virtual size: 508KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB