32920691a1fe06bacb1c7d7710551242c5ac429b5189f34dd2b86e463700626c

Sharing

Copy URL Twitter E-mail

General

Target

32920691a1fe06bacb1c7d7710551242c5ac429b5189f34dd2b86e463700626c
Size

612KB
MD5

3e0829b4b93ab4d7b2618271bd706491
SHA1

01b29c1bee6a81704d7601ca6cf1802977e2d9cb
SHA256

32920691a1fe06bacb1c7d7710551242c5ac429b5189f34dd2b86e463700626c
SHA512

2c5b89e82ff3d1a7ac8f6d7956bfe0b41ee8d9b27f624901a37a035f57a66a3eb467c8a84b81005ba1046388f47f197433324dcfdfad3ad1165313dd715a5ad5
SSDEEP

12288:LlJHysMlhPx9ydIs0RxRqZw3A5BkNmcEsOZnIGCx+YqZ/6Wh:LM7PxwdIsMRqu39mcgZIZxMZ6Wh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32920691a1fe06bacb1c7d7710551242c5ac429b5189f34dd2b86e463700626c

Files

32920691a1fe06bacb1c7d7710551242c5ac429b5189f34dd2b86e463700626c
.dll windows x86

dd1e628d78609157db8d55d926f812fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
PostQueuedCompletionStatus
FormatMessageW
GetLastError
TlsAlloc
InterlockedExchangeAdd
LocalFree
WideCharToMultiByte
InterlockedIncrement
TlsFree
FormatMessageA
SetWaitableTimer
TlsSetValue
SetLastError
InterlockedCompareExchange
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
CreateEventW
Sleep
SetEvent
TerminateThread
CloseHandle
CancelIoEx
QueueUserAPC
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateWaitableTimerW
MultiByteToWideChar
CreateFileW
HeapSize
ReadConsoleW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
HeapReAlloc

ws2_32

WSAStartup
WSASendTo
inet_ntoa
ntohl
WSAStringToAddressW
inet_addr
ntohs
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
listen
WSASetLastError
WSASocketW
getaddrinfo
getsockname
connect
WSARecv
getsockopt
htonl
htons
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
WSACleanup

mswsock

GetAcceptExSockaddrs
AcceptEx

Exports

Exports

start

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd1e628d78609157db8d55d926f812fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 15KB - Virtual size: 25KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 15KB - Virtual size: 25KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB