Static task
static1
Behavioral task
behavioral1
Sample
c0f91f5f02e07e6f30cf61a2fec28b40afedfaa8d2fb59388854c321e52dfb0f.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
c0f91f5f02e07e6f30cf61a2fec28b40afedfaa8d2fb59388854c321e52dfb0f.dll
Resource
win10v2004-20230703-en
General
- Target: c0f91f5f02e07e6f30cf61a2fec28b40afedfaa8d2fb59388854c321e52dfb0f
- Size: 1.5MB
- MD5: 6075e809679768d866ae3f0b22ed2d7e
- SHA1: 1f056e0b3ecaee4013c70e7fafc080c1bebcc9ff
- SHA256: c0f91f5f02e07e6f30cf61a2fec28b40afedfaa8d2fb59388854c321e52dfb0f
- SHA512: 7c56d85628da96b9c8cbe6d338bedf346efa644de47f389e9654ac45334680148b4f7b08b2168d83c99f74a63f587b9908090345adbb9ae012211a91fd838b73
- SSDEEP: 24576:CBDFZBT4pa9T0KK7zJPfLlU8r0b8aClSJhzG6GLyXGz+:CBE/7zg8sClSJw6GLD+
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource c0f91f5f02e07e6f30cf61a2fec28b40afedfaa8d2fb59388854c321e52dfb0f
Files
-
c0f91f5f02e07e6f30cf61a2fec28b40afedfaa8d2fb59388854c321e52dfb0f.dll windows x86
ebe224e78f599ff1407937d28f1e7b13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateDirectoryW
SearchPathW
GetShortPathNameW
GetTempFileNameW
SetFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
FormatMessageW
SwitchToThread
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
MultiByteToWideChar
VerifyVersionInfoW
SetLastError
VerSetConditionMask
LoadLibraryW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteFileW
WriteConsoleW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetConsoleCtrlHandler
UnlockFile
ReadFile
LockFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
HeapDestroy
CloseHandle
SetFilePointer
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
lstrcmpiA
GetFileAttributesExW
CreateFileW
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcess
lstrcpynW
lstrlenW
InitializeCriticalSectionEx
GetFileSizeEx
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
RemoveDirectoryW
OutputDebugStringW
SetEvent
WaitForSingleObject
GetPrivateProfileStringW
OutputDebugStringA
WriteFile
GetFileAttributesW
SetFileAttributesW
GetWindowsDirectoryW
MoveFileW
MoveFileExW
CreateProcessW
GetStartupInfoW
GetTickCount
GetPrivateProfileIntW
CreateEventW
WaitForMultipleObjects
LocalAlloc
LocalFree
GetEnvironmentVariableW
GetVersionExW
GetLogicalDriveStringsW
QueryDosDeviceW
TerminateProcess
GetExitCodeProcess
CreateFileA
DeleteFileA
GetTempPathA
GetTempFileNameA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ResetEvent
WaitForSingleObjectEx
user32
PtInRect
EnumDisplayMonitors
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
LoadStringW
GetShellWindow
OffsetRect
UnionRect
EqualRect
DrawFocusRect
DestroyCursor
MoveWindow
UnregisterClassA
GetClassInfoExW
RegisterClassExW
GetCursorPos
IsDialogMessageW
SetCursor
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
CopyRect
SetCapture
GetAsyncKeyState
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
SendMessageW
DestroyWindow
DefWindowProcW
PostQuitMessage
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
wsprintfW
SetFocus
ReleaseCapture
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
OffsetViewportOrgEx
RestoreDC
SaveDC
SelectClipRgn
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
CreateFontW
RectVisible
DeleteObject
EnumFontFamiliesW
advapi32
CreateServiceW
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
ControlService
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
RegEnumValueW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
RegQueryValueExA
shell32
SHCreateDirectoryExW
ord165
SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
ole32
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoCreateGuid
OleRun
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
oleaut32
VarUI4FromStr
VariantCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
SysStringByteLen
VarBstrCmp
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
shlwapi
SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
SHSetValueA
AssocQueryStringW
PathFileExistsW
PathRenameExtensionA
StrTrimA
StrStrIA
StrStrIW
StrCmpIW
StrToIntExW
SHGetValueA
PathCombineW
wnsprintfW
SHDeleteKeyW
SHSetValueW
PathIsPrefixW
PathFindExtensionW
PathIsRelativeW
PathFindFileNameA
PathIsRootW
StrCmpNIW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromFileICM
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateSolidFill
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDrawImagePointRectI
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
psapi
EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW
iphlpapi
GetAdaptersInfo
wininet
InternetGetConnectedState
urlmon
URLDownloadToCacheFileW
URLDownloadToFileW
setupapi
SetupIterateCabinetW
Exports
Sections
.text Size: 848KB - Virtual size: 848KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 195KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 442KB - Virtual size: 442KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ