08bf80cf6465fee574cf821ddb1afbdfa0c144ddb85f6cbdbcdcfe7b831e02d6

Sharing

Copy URL Twitter E-mail

General

Target

08bf80cf6465fee574cf821ddb1afbdfa0c144ddb85f6cbdbcdcfe7b831e02d6
Size

3.5MB
MD5

14e7ddbae650f3a34579a39c05c5d4ed
SHA1

60119b8f7dc81d15d86bb10e9bd21bc93e210ab0
SHA256

08bf80cf6465fee574cf821ddb1afbdfa0c144ddb85f6cbdbcdcfe7b831e02d6
SHA512

bd1371b3de6c387ecfdc3c00ebf70edb248c552eebbdff06b0445285c9a369df30d463d4c285d4485598d72a769655b30b6fc08a21b9a336efabfd6d8811e874
SSDEEP

98304:aBGiUjE8DpEyB+y+WN3XnSxZpMOL9OwCF0SzjLPN:aBGiUjE8DieG8nnSxZ1HSTN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08bf80cf6465fee574cf821ddb1afbdfa0c144ddb85f6cbdbcdcfe7b831e02d6

Files

08bf80cf6465fee574cf821ddb1afbdfa0c144ddb85f6cbdbcdcfe7b831e02d6
.dll windows x86

abdaea61a86fab55bdeb3b13149af255

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteFileW
UnlockFile
ReadFile
LockFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
VerifyVersionInfoW
MultiByteToWideChar
GetLocalTime
SetCurrentDirectoryW
ReleaseMutex
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
GetCurrentDirectoryW
GetTempPathW
SearchPathW
CreateDirectoryW
GetShortPathNameW
GetTempFileNameW
SetFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
GetLongPathNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
HeapQueryInformation
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetStringTypeW
GetCurrentThread
GetACP
ExitProcess
GetSystemInfo
HeapValidate
WriteConsoleW
GetFileType
GetStdHandle
FreeLibraryAndExitThread
HeapReAlloc
HeapAlloc
HeapDestroy
ResumeThread
ExitThread
CreateThread
GetModuleHandleExW
GetModuleFileNameA
InterlockedFlushSList
RtlUnwind
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcmpA
EnterCriticalSection
VerSetConditionMask
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
VirtualQuery
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
SetLastError
GetLastError
CloseHandle
SetFilePointer
GetFileAttributesExW
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GetCurrentProcess
lstrcpynW
lstrlenW
InitializeCriticalSectionEx
GetFileSizeEx
DebugBreak
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
RemoveDirectoryW
OutputDebugStringW
DeviceIoControl
SetEvent
WaitForSingleObject
GetPrivateProfileStringW
OutputDebugStringA
WriteFile
GetFileAttributesW
SetFileAttributesW
GetWindowsDirectoryW
MoveFileW
MoveFileExW
GetLogicalDriveStringsW
QueryDosDeviceW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetTickCount
GetVersionExW
GetPrivateProfileIntW
CreateEventW
WaitForMultipleObjects
LocalAlloc
LocalFree
FormatMessageW
GetEnvironmentVariableW
CreateFileA
DeleteFileA
GetTempPathA
GetTempFileNameA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
OpenFileMappingW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FlushFileBuffers
IsBadReadPtr
IsBadWritePtr
GlobalAlloc
GlobalLock
GlobalUnlock

user32

GetClassInfoExW
GetCursorPos
CopyRect
PtInRect
EnumDisplayMonitors
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
LoadStringW
GetShellWindow
TranslateMessage
UnionRect
EqualRect
DrawFocusRect
MoveWindow
UnregisterClassA
RegisterClassExW
SetFocus
IsDialogMessageW
SetCursor
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
ReleaseCapture
SetCapture
GetAsyncKeyState
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
DispatchMessageW
PeekMessageW
CharNextW
FindWindowExW
GetWindowThreadProcessId
UnregisterClassW
DestroyWindow
KillTimer
SetTimer
GetMessageW
OffsetRect
wsprintfW
MessageBoxW

gdi32

RestoreDC
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
CreateFontW
GetObjectType
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
RectVisible
OffsetViewportOrgEx
EnumFontFamiliesW

advapi32

ControlService
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
CryptSetKeyParam
DeleteService
OpenSCManagerW
OpenServiceW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
RegEnumValueW
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
LockServiceDatabase
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceLockStatusW
QueryServiceStatus
StartServiceW
UnlockServiceDatabase
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegGetValueW

shell32

SHFileOperationW
ShellExecuteExW
ord165
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
OleRun
CoCreateGuid
CreateStreamOnHGlobal
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
VariantInit
SysAllocString
VarBstrCmp
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringLen
SysFreeString
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathCombineW
PathFileExistsW
wnsprintfW
PathIsPrefixW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathFindExtensionW
StrStrIW
PathIsRelativeW
PathIsRootW
StrTrimA
StrCmpNIW
StrStrIA
SHSetValueA
AssocQueryStringW
PathFindFileNameA
PathRenameExtensionA
SHSetValueW
StrCmpIW
StrToIntExW
SHGetValueA
PathAppendA
SHGetValueW
PathIsDirectoryW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipSetStringFormatTrimming
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

BasicEntry

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abdaea61a86fab55bdeb3b13149af255

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

iphlpapi

wininet

urlmon

setupapi

crypt32

wintrust

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 486KB - Virtual size: 486KB

.data Size: 18KB - Virtual size: 48KB

.msvcjmc Size: 1024B - Virtual size: 671B

.rsrc Size: 478KB - Virtual size: 478KB

.reloc Size: 94KB - Virtual size: 93KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 486KB - Virtual size: 486KB

.data
Size: 18KB - Virtual size: 48KB

.msvcjmc
Size: 1024B - Virtual size: 671B

.rsrc
Size: 478KB - Virtual size: 478KB

.reloc
Size: 94KB - Virtual size: 93KB