f8869b5afa824baefb63d9d355fcb059f00b7310eda863dd344811b4afbf41e1

Sharing

Copy URL Twitter E-mail

General

Target

f8869b5afa824baefb63d9d355fcb059f00b7310eda863dd344811b4afbf41e1
Size

2.6MB
MD5

c0633a86ed9129256f62f2bb437e4b90
SHA1

612b6b32971f12a0706c221b80f743dffbee4b51
SHA256

f8869b5afa824baefb63d9d355fcb059f00b7310eda863dd344811b4afbf41e1
SHA512

0e21c2660d56732acbb081ea27cf3979fa47f1fa7efa7c342371c01e201c4795e316cd542ea64de3d8777665d4506e871054e9466bc15f9f05d95cf08206935c
SSDEEP

49152:cOwf3w4oUmdpHzOW/e3cbeqZZT7O+PyQ3SvGATbk:0PwlzTDeMzJB93pAfk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8869b5afa824baefb63d9d355fcb059f00b7310eda863dd344811b4afbf41e1

Files

f8869b5afa824baefb63d9d355fcb059f00b7310eda863dd344811b4afbf41e1
.dll windows x86

043a912c9e8cbebf348754e7f46d7552

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
FreeLibrary
GetModuleFileNameA
GetCurrentProcessId
GetTickCount
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
Sleep
CreateThread
InitializeCriticalSection
CreateEventA
TerminateThread
GetExitCodeThread
WriteFile
FlushViewOfFile
WaitForSingleObject
SetEvent
ResumeThread
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
Thread32Next
GetThreadContext
OpenThread
Thread32First
CreateToolhelp32Snapshot
VirtualQuery
CreateFileW
MultiByteToWideChar
Module32Next
Module32First
GetVolumeInformationA
QueryDosDeviceA
GetLocalTime
GetLongPathNameA
FileTimeToSystemTime
WideCharToMultiByte
IsBadReadPtr
FindNextFileA
FindFirstFileA
SetConsoleTextAttribute
GetStdHandle
SetFilePointer
ResetEvent
LocalFree
LocalAlloc
OpenProcess
Process32Next
Process32First
ReadProcessMemory
DuplicateHandle
OpenFileMappingA
WriteProcessMemory
IsWow64Process
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
VirtualAlloc
GetProcessHeap
HeapAlloc
lstrcpyA
lstrcatA
DeviceIoControl
CreateFileA
DisableThreadLibraryCalls
GetFileSize
ReadFile
CloseHandle
GetModuleHandleA
GetCurrentDirectoryA
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
LoadLibraryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetLastError
FindClose
SetHandleCount
GetModuleFileNameW
GetTimeZoneInformation
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
EncodePointer
DecodePointer
HeapReAlloc
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FindFirstFileExA
GetFileAttributesA
RtlUnwind
RaiseException
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetModuleHandleW
ExitProcess
HeapCreate
HeapDestroy
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
CreateDirectoryA

user32

KillTimer
SetTimer
FindWindowA
SetWindowLongA
CallWindowProcA
wsprintfW

advapi32

InitializeSecurityDescriptor
RegSetValueExA
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
RegEnumKeyA
RegEnumValueA
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
SetSecurityInfo
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoInitialize
CoUninitialize

shlwapi

StrStrIA
PathAppendA

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

winmm

timeGetTime

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

Exports

Exports

CreateInterface

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

043a912c9e8cbebf348754e7f46d7552

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wtsapi32

version

iphlpapi

winmm

wintrust

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2.4MB - Virtual size: 2.4MB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2.4MB - Virtual size: 2.4MB