615aec7ca30e304c2c5d42a92e86f2388b36938a284f89c0545456ba11fb89e7

Sharing

Copy URL Twitter E-mail

General

Target

615aec7ca30e304c2c5d42a92e86f2388b36938a284f89c0545456ba11fb89e7
Size

4.1MB
MD5

6609324f5a4efe24f1824eb9e61e7ce1
SHA1

c01784026747c776ce2c3fda27b4f1e65a4aed6d
SHA256

615aec7ca30e304c2c5d42a92e86f2388b36938a284f89c0545456ba11fb89e7
SHA512

deb88e5615aef467297371f000de7581026fcb66b27d1f738d02b735f1ee63c5b7b420c2eedabc9c7548eff7e21d1a0b3575a95adc38d7468ab6fdd76eef85e0
SSDEEP

98304:jfS4zoWgFg+PGMhRiCu/CVUdVEy9qMBNP/qxct8qXzoxLy:aWge4UdVEy9qMBNLt0w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
615aec7ca30e304c2c5d42a92e86f2388b36938a284f89c0545456ba11fb89e7

Files

615aec7ca30e304c2c5d42a92e86f2388b36938a284f89c0545456ba11fb89e7
.dll windows x86

8c22df3fe89aa3101002c8613ab728a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
LoadLibraryExW
lstrcmpiW
WritePrivateProfileStringW
GetDriveTypeW
InterlockedPushEntrySList
SwitchToThread
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetPrivateProfileStringW
LocalAlloc
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
DecodePointer
lstrcpynW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
MultiByteToWideChar
GetPrivateProfileIntW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetVersionExW
GetTickCount
GetStartupInfoW
CreateProcessW
GetCurrentProcess
WideCharToMultiByte
UnlockFile
ReadFile
LockFile
GetFileSize
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
WriteConsoleW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetEnvironmentVariableW
FormatMessageW
LocalFree
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
GetTempFileNameA
GetTempPathA
WriteFile
FreeResource
InterlockedCompareExchange
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
SetUnhandledExceptionFilter
ResetEvent
DeleteFileA
CreateFileA
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
QueryDosDeviceW
TerminateProcess
GetExitCodeProcess
CopyFileW
GetShortPathNameW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
FlushInstructionCache

user32

SetCapture
SetFocus
EndDialog
SetWindowPos
SendMessageW
GetShellWindow
LoadStringW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
ReleaseCapture
GetActiveWindow
DialogBoxParamW
LoadImageW
SetForegroundWindow
GetSystemMetrics
IsIconic
IsWindowVisible
SetTimer
FindWindowW
CharNextW
BringWindowToTop
PeekMessageW
GetCursorPos
CopyRect
EnumDisplayMonitors
wsprintfW
MessageBoxW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
UnionRect
OffsetRect
EqualRect
DestroyCursor
DrawFocusRect
MoveWindow
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetAsyncKeyState
GetFocus
GetDC
ShowWindow
IsWindow
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
DestroyWindow
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
PostQuitMessage
CreateWindowExW
ReleaseDC
BeginPaint
EndPaint

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt
SetViewportOrgEx
CreateFontW
EnumFontFamiliesW
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
RectVisible
CreateRectRgnIndirect
OffsetViewportOrgEx
CreateCompatibleBitmap

advapi32

SetEntriesInAclW
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
EqualSid
DeleteAce
RegQueryValueExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceW
GetUserNameW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
ord165
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateGuid
OleRun
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

PathIsPrefixW
SHSetValueW
PathIsDirectoryW
wnsprintfW
AssocQueryStringW
SHSetValueA
PathIsRootW
PathIsRelativeW
StrStrIW
SHGetValueW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
SHGetValueA
StrToIntExW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromFileICM
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipDeleteGraphics

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

setupapi

SetupIterateCabinetW

Exports

Exports

BasicEntry
CreateApp
GetIsEmbed
InstallEntryW
Start
Uninst

Sections

.text
Size: 947KB - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c22df3fe89aa3101002c8613ab728a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

setupapi

Exports

Exports

Sections

.text Size: 947KB - Virtual size: 946KB

.rdata Size: 211KB - Virtual size: 210KB

.data Size: 19KB - Virtual size: 38KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 48KB - Virtual size: 48KB

.text
Size: 947KB - Virtual size: 946KB

.rdata
Size: 211KB - Virtual size: 210KB

.data
Size: 19KB - Virtual size: 38KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 48KB - Virtual size: 48KB