7030d372b314c555eb22f6d64dda665a008635a196d7460513aabf1b7f8b2891

Sharing

Copy URL Twitter E-mail

General

Target

7030d372b314c555eb22f6d64dda665a008635a196d7460513aabf1b7f8b2891
Size

700KB
MD5

ac5ee63156f18401242d36d091a4ef38
SHA1

f6df261558f4c837926f230fb4c18d3d065fadf8
SHA256

7030d372b314c555eb22f6d64dda665a008635a196d7460513aabf1b7f8b2891
SHA512

c69c8d2fbe63f2cdc0ff9f1dd035d3ce8e8a0fb173b10a7a3e1984acd4179cf6453cb77c53d2b0abee472cec8e52159b1d4303f09dfce641d6e0b9d75d32090f
SSDEEP

12288:AG7jXTcQVmKgUnfsGDzfcQizy9E80CXZ3zIS3kYRnVqW0Pv4zCouO7aMt6vdeDCx:AG7jXTaQnfhPcSZPqVPv4zCkt617

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7030d372b314c555eb22f6d64dda665a008635a196d7460513aabf1b7f8b2891

Files

7030d372b314c555eb22f6d64dda665a008635a196d7460513aabf1b7f8b2891
.dll windows x86

0e68ffc3f38d1c39e9dcb5bc1bee47e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
InitializeCriticalSection
CreateEventW
VirtualProtect
GetModuleHandleA
LoadLibraryA
SetFilePointer
GetLocalTime
OpenEventW
CreateThread
InterlockedDecrement
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
VirtualFree
VirtualAlloc
FindFirstFileW
CreateDirectoryW
SetEndOfFile
ReadFile
GetFileSizeEx
WriteFile
GetModuleHandleW
CreateFileW
GetSystemDirectoryW
GetModuleFileNameW
Sleep
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetCurrentDirectoryA
VerifyVersionInfoA
VerSetConditionMask
SetLastError
SleepEx
FormatMessageA
GetFullPathNameA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapSize
GetOEMCP
GetACP
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
HeapReAlloc
CompareStringW
CompareStringA
CloseHandle
GetLastError
GetCurrentProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCommandLineA
ExitProcess
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FindNextFileW
FindClose
InterlockedIncrement

advapi32

CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptImportKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

ws2_32

getsockname
WSAIoctl
select
getsockopt
__WSAFDIsSet
getpeername
WSACleanup
freeaddrinfo
inet_ntoa
gethostbyname
getaddrinfo
ntohl
htonl
ntohs
connect
recv
send
shutdown
bind
htons
inet_addr
setsockopt
socket
recvfrom
sendto
closesocket
accept
listen
ioctlsocket
gethostname
WSAStartup
WSAGetLastError
WSASetLastError

wldap32

ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord22
ord211

Exports

Exports

DllCanUnloadNow
DllDoFun
DllGetClassObject
DllRegister
DllUnRegister

Sections

.text
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e68ffc3f38d1c39e9dcb5bc1bee47e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 571KB - Virtual size: 570KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 571KB - Virtual size: 570KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 54KB - Virtual size: 54KB