a67e404289d775de449dd057862f8506e91a79520eed7ece7ecd16b162b954cc

Sharing

Copy URL

Twitter E-mail

General

Target

a67e404289d775de449dd057862f8506e91a79520eed7ece7ecd16b162b954cc
Size

4.2MB
MD5

0bd08b7d42b28ee8d344f58804a0791e
SHA1

25c439c72e9f3bf0ce9f25b5a44c32290d227a57
SHA256

a67e404289d775de449dd057862f8506e91a79520eed7ece7ecd16b162b954cc
SHA512

4dbcfdb9fd6e90b0f16c8909f3933f7a74e2a11bbd05028c8fcc50241b5f6f2d90998ca99d32f9448c8d558aa587ea1b63e31babe108693b3499c303c46f9fd1
SSDEEP

98304:iyJ0I2cT+80Taw88LL4MW8JiQgbkXaAILoGBKf:iE0w8JinkdILoGBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a67e404289d775de449dd057862f8506e91a79520eed7ece7ecd16b162b954cc

Files

a67e404289d775de449dd057862f8506e91a79520eed7ece7ecd16b162b954cc
.dll windows x86

d480b650cf7c4a902f7c81243d114325

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrStrIW
PathMatchSpecW

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
Sleep
CreateThread
CreateDirectoryW
CopyFileW
InterlockedExchange
FreeResource
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
FlushFileBuffers
GetWindowsDirectoryW
GetLocalTime
GetFileSize
lstrlenA
FileTimeToSystemTime
ReadFile
FileTimeToLocalFileTime
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
GetUserDefaultLangID
GetEnvironmentVariableW
GetLogicalDriveStringsW
QueryDosDeviceW
DeleteFileW
DisableThreadLibraryCalls
GetLastError
GetTempPathW
GetModuleFileNameW
IsBadReadPtr
IsBadStringPtrW
GetTempFileNameW
GetTickCount
MoveFileExW
CloseHandle
OpenThread
DeviceIoControl
SetLastError
OpenProcess
ReleaseSemaphore
CreateSemaphoreW
ResumeThread
WideCharToMultiByte
GetACP
MultiByteToWideChar
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
CreateEventW
OpenEventW
SearchPathW
GetModuleHandleW
GetFileAttributesW
LoadLibraryA
ExpandEnvironmentStringsW
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
GetDriveTypeW
TerminateThread
LockResource
GetSystemInfo
lstrcmpiW
GetCurrentProcess
CreateMutexW
OpenMutexW
ReleaseMutex
SetEndOfFile
SetFileTime
SetEvent
FindClose
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
LocalFree
InterlockedExchangeAdd
LoadLibraryExW
GetDiskFreeSpaceW
GetVolumeInformationW
lstrlenW
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
lstrcatW
lstrcpyW
GetFileSizeEx
GetFullPathNameW
GetSystemDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
FormatMessageW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GlobalMemoryStatusEx
GetStringTypeW
EncodePointer
HeapReAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCurrentThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
QueryPerformanceFrequency
MoveFileW
WaitForSingleObject
GetVersionExW
GetFileTime

user32

wsprintfW
UnregisterClassW

advapi32

RegFlushKey
RegDeleteValueW
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
LookupPrivilegeValueW
RegOpenKeyExW
OpenSCManagerW
RegSetValueExW
RegCreateKeyExW
CreateServiceW
OpenServiceW
StartServiceW
ChangeServiceConfigW
CloseServiceHandle
LookupPrivilegeNameW
OpenProcessToken
RegCloseKey
RegOpenCurrentUser
GetTokenInformation
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

Exports

Exports

ExportFunc1
ExportFunc10
ExportFunc11
ExportFunc12
ExportFunc13
ExportFunc2
ExportFunc3
ExportFunc4
ExportFunc5
ExportFunc6
ExportFunc7
ExportFunc8
ExportFunc9

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 975KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d480b650cf7c4a902f7c81243d114325

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

advapi32

shell32

version

psapi

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 539KB - Virtual size: 539KB

.data Size: 975KB - Virtual size: 989KB

.rsrc Size: 637KB - Virtual size: 636KB

.reloc Size: 122KB - Virtual size: 122KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 539KB - Virtual size: 539KB

.data
Size: 975KB - Virtual size: 989KB

.rsrc
Size: 637KB - Virtual size: 636KB

.reloc
Size: 122KB - Virtual size: 122KB