05856c483e5ef6a522a85ed0728a2c6b03fcdf18bdf16eb246ce8c8c8d1f08ae

Sharing

Copy URL Twitter E-mail

General

Target

05856c483e5ef6a522a85ed0728a2c6b03fcdf18bdf16eb246ce8c8c8d1f08ae
Size

4.1MB
MD5

5a78c3e411064569c87a51093c348737
SHA1

5acaceeeace32555603ead3245cdf61c825c5f9d
SHA256

05856c483e5ef6a522a85ed0728a2c6b03fcdf18bdf16eb246ce8c8c8d1f08ae
SHA512

3594d00316db977fc30308fa37029a6eeb62d24b2aae604168754c3bc7d2522fd31ca10df656bc01a6a5f8cab003984b39964cb0d4195082b68a26c6e96b38dd
SSDEEP

98304:2CfXLZYD0wQvAObdYhiZPYOOQbAILoGBKRyKk:2CHbdYkZPY1QEILoGBWyKk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05856c483e5ef6a522a85ed0728a2c6b03fcdf18bdf16eb246ce8c8c8d1f08ae

Files

05856c483e5ef6a522a85ed0728a2c6b03fcdf18bdf16eb246ce8c8c8d1f08ae
.dll windows x86

4f0f5b6727b07a98feac15c550be89e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrStrIW
PathAppendW

crypt32

CryptMsgClose
CertGetNameStringW
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

kernel32

MoveFileW
FreeResource
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
FlushFileBuffers
CloseHandle
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
GetLocalTime
GetFileSize
lstrlenA
FileTimeToSystemTime
ReadFile
FileTimeToLocalFileTime
GetEnvironmentVariableW
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
GetUserDefaultLangID
GetLogicalDriveStringsW
QueryDosDeviceW
WaitForSingleObject
DeleteFileW
DisableThreadLibraryCalls
GetLastError
GetTempPathW
GetModuleFileNameW
IsBadReadPtr
IsBadStringPtrW
GetTempFileNameW
InterlockedExchange
CopyFileW
GetTickCount
DeviceIoControl
GetProcAddress
OpenProcess
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
OpenMutexW
ReleaseMutex
SearchPathW
GetModuleHandleW
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
WideCharToMultiByte
GetACP
MultiByteToWideChar
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
ResumeThread
SetEvent
ResetEvent
CreateEventW
OpenEventW
ExpandEnvironmentStringsW
MoveFileExW
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
LocalFree
GetCurrentProcess
CreateDirectoryW
CreateThread
LoadLibraryExW
GetDiskFreeSpaceW
GetVolumeInformationW
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
GetFileAttributesW
SetEndOfFile
SetFileTime
GetFileTime
FormatMessageW
GetFullPathNameW
GetSystemDirectoryW
lstrlenW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
LoadLibraryA
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
lstrcatW
lstrcpyW
GetFileSizeEx
SetLastError
GetStringTypeW
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitThread
RaiseException
RtlUnwind
GetCPInfo
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCurrentThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
QueryPerformanceFrequency
Sleep
InterlockedExchangeAdd
TerminateThread
FindClose
GetDriveTypeW

user32

wsprintfW

advapi32

CreateServiceW
OpenSCManagerW
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegFlushKey
RegDeleteValueW
OpenServiceW
StartServiceW
ChangeServiceConfigW
CloseServiceHandle
LookupPrivilegeNameW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenCurrentUser
SetNamedSecurityInfoW
LookupPrivilegeValueW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

Exports

Exports

ExportFunc1
ExportFunc10
ExportFunc11
ExportFunc12
ExportFunc13
ExportFunc2
ExportFunc3
ExportFunc4
ExportFunc5
ExportFunc6
ExportFunc7
ExportFunc8
ExportFunc9

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 974KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f0f5b6727b07a98feac15c550be89e1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

advapi32

shell32

version

psapi

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 481KB - Virtual size: 481KB

.data Size: 974KB - Virtual size: 987KB

.rsrc Size: 458KB - Virtual size: 458KB

.reloc Size: 107KB - Virtual size: 107KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 481KB - Virtual size: 481KB

.data
Size: 974KB - Virtual size: 987KB

.rsrc
Size: 458KB - Virtual size: 458KB

.reloc
Size: 107KB - Virtual size: 107KB