14bbfd76f43091bd9b18aa62e68cb3f59bb28599cd84d6068a7da2a6c762d92e

Sharing

Copy URL Twitter E-mail

General

Target

14bbfd76f43091bd9b18aa62e68cb3f59bb28599cd84d6068a7da2a6c762d92e
Size

651KB
MD5

37d7c21ec38691d6ed7a49d461d681ea
SHA1

eac8f7e106aced6b590177c8b3edec310f16bf96
SHA256

14bbfd76f43091bd9b18aa62e68cb3f59bb28599cd84d6068a7da2a6c762d92e
SHA512

d1207bb19b19eb7fc6d83fc10a1d028f6588b89d74208984ddfc7002d5c1007761243c7ecaaf21bf6686c800c8c2deaf6aab1209c36b77273d7d717594ce5d78
SSDEEP

12288:u9dhymhnopupZRpAOdmOXIcjWkvzaM5yIIs3:u9dhyIoptOdmOXVWkvzaVI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14bbfd76f43091bd9b18aa62e68cb3f59bb28599cd84d6068a7da2a6c762d92e

Files

14bbfd76f43091bd9b18aa62e68cb3f59bb28599cd84d6068a7da2a6c762d92e
.dll windows x86

678a59754102d4ba3899124f603618c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
IsBadWritePtr
SetLastError
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LocalAlloc
CreateFileW
GetFileAttributesW
GetLastError
lstrcatW
LoadLibraryW
GetLocalTime
GetProcAddress
Process32FirstW
DeleteCriticalSection
SystemTimeToFileTime
FreeLibrary
lstrcpyW
IsBadReadPtr
GetVolumeInformationW
DeviceIoControl
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetModuleFileNameW
TerminateProcess
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
LocalFree
lstrlenW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
WideCharToMultiByte
EncodePointer
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapAlloc
HeapFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetACP
GetStringTypeW
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
LCMapStringW
HeapReAlloc
SetFilePointerEx
FlushFileBuffers
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
WriteConsoleW
HeapSize
DecodePointer
CreateTimerQueue
SetEvent
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

iphlpapi

GetAdaptersInfo

Exports

Exports

FP_Begin
FP_Compress
FP_Decompress
FP_End
FP_FeatureExtract
FP_FeatureMatch
FP_FeatureMatchN
FP_GenFeatureFromEmpty1
FP_GenFeatureFromEmpty2
FP_GetQualityScore
FP_GetVersion
FP_ImageMatch
SetCapDllPath

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

678a59754102d4ba3899124f603618c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

setupapi

iphlpapi

Exports

Exports

Sections

.text Size: 287KB - Virtual size: 287KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 231KB - Virtual size: 397KB

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 287KB - Virtual size: 287KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 231KB - Virtual size: 397KB

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB