333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979

Sharing

Copy URL Twitter E-mail

General

Target

333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979
Size

5.0MB
MD5

98c1ecc4aed0099fb8c797b1ce72f3c0
SHA1

241531a971e41dee5023798b736e2e2151b405d7
SHA256

333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979
SHA512

1de59b0847a86f7e722657bd27617b6b82f1b0a41a206fed95f2f2efb598106b537e11551029d345503d71c2bd3a059abd28c282df997c3935c1d86dfdb2b506
SSDEEP

49152:dMy8+4PMqyRY+2QuaPHBphpBmn5DAMlp4lRQ+L3RScXUFHAqHYW3M1TqIGSmMQt9:JcaPbxmBA26UUcHAq4W3M5TWRIA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979

Files

333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979
.dll windows x64

0311c71b0a18d452393cf61137266fc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnmapViewOfFile
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
DeleteFiber
SwitchToFiber
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableW
GetSystemTime
SetLastError
CloseHandle
GetConsoleCP
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
HeapSize
GetModuleFileNameW
GetFileInformationByHandle
FileTimeToSystemTime
GetComputerNameExW
GetComputerNameExA
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentProcess
Sleep
GetLocalTime
LocalAlloc
GetTickCount
GetLocaleInfoW
LoadLibraryW
GetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FlsAlloc
DeleteCriticalSection
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
GetProcessHeap
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
CreateFileA
FlsFree
GetStringTypeW
SetFilePointer
FlushFileBuffers
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetStdHandle
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
SetHandleInformation
InitializeCriticalSection
SystemTimeToFileTime
SetHandleCount
GetStartupInfoW
GetDriveTypeW
HeapFree
GetDateFormatW
GetTimeFormatW
HeapAlloc
EncodePointer
DecodePointer
GetLogicalDrives
GetCurrentThreadId
FlsSetValue
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
HeapReAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTimeZoneInformation
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
wsprintfW

advapi32

RegisterEventSourceW
ReportEventW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
DeregisterEventSource

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear

ws2_32

WSASetLastError
WSACleanup
WSAGetLastError
inet_ntoa
gethostbyname
gethostname
connect
inet_addr
send
recv
accept
listen
bind
htons
socket
WSAStartup
closesocket
select

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext

Exports

Exports

PSetupAssociateICMProfiles
ServiceMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0311c71b0a18d452393cf61137266fc8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 452KB - Virtual size: 451KB

.data Size: 66KB - Virtual size: 167KB

.pdata Size: 64KB - Virtual size: 64KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 24KB - Virtual size: 24KB

.vlizer Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 452KB - Virtual size: 451KB

.data
Size: 66KB - Virtual size: 167KB

.pdata
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 24KB - Virtual size: 24KB

.vlizer
Size: 3.3MB - Virtual size: 3.3MB