ea38c3b5e7a75343ae84fb2ce51f74c2950b520cd69d5a4ff0b8770b75f2c2b3

Sharing

Copy URL Twitter E-mail

General

Target

ea38c3b5e7a75343ae84fb2ce51f74c2950b520cd69d5a4ff0b8770b75f2c2b3
Size

1.3MB
MD5

907e285565f26162c2da052ec056ef14
SHA1

5d157b15634ad50c1dbef53932b1e66bd205ad35
SHA256

ea38c3b5e7a75343ae84fb2ce51f74c2950b520cd69d5a4ff0b8770b75f2c2b3
SHA512

d7c102502327f0cedfdd39c24e80f5d789c7ec02091b2867081393ed819533a8efda04a51b06003104b62ad9388f58f9b1b524af37578e8cee4e6648d9a1000c
SSDEEP

24576:uYCF3iMfuWCMg8NsBI6ktqiMXfDUEoTmsg2fu:P43imDg8wI7qbrcmz2f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea38c3b5e7a75343ae84fb2ce51f74c2950b520cd69d5a4ff0b8770b75f2c2b3

Files

ea38c3b5e7a75343ae84fb2ce51f74c2950b520cd69d5a4ff0b8770b75f2c2b3
.dll windows x86

269ebfb2e27e0cda8f72546c421ec5a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

SetPrinterDataExW
EnumPortsW
EndDocPrinter
FindNextPrinterChangeNotification

ole32

StgOpenStorageEx

advapi32

ImpersonateNamedPipeClient
CryptContextAddRef
CloseEncryptedFileRaw
CopySid
LookupPrivilegeDisplayNameA
LockServiceDatabase
InitiateSystemShutdownW
SaferCreateLevel
SetServiceStatus
SetEntriesInAclW

shlwapi

SHGetValueW

powrprof

GetActivePwrScheme

shell32

SHGetFileInfoA

user32

DefDlgProcA
OpenDesktopW
SetFocus
GetFocus
TranslateMDISysAccel
GetDesktopWindow
GetMenuStringA
CreateDialogIndirectParamA
ReuseDDElParam
DrawTextA
CharLowerBuffW
GetClassInfoExW
SetDlgItemTextW
CheckRadioButton
SendMessageTimeoutA
LoadStringA
SetWindowsHookExA
CopyAcceleratorTableA
IntersectRect
GetParent
GetPropW
CreateIconFromResource
GetWindow
TrackPopupMenu
GetGUIThreadInfo
MenuItemFromPoint
IsIconic
NotifyWinEvent
PostQuitMessage
ShowCursor
CreateDialogParamA

secur32

CompleteAuthToken
GetUserNameExW
InitializeSecurityContextW

wininet

InternetConnectA
FindNextUrlCacheEntryExA
SetUrlCacheEntryInfoW
InternetQueryOptionA
HttpSendRequestExW

msvcrt

wcstol
ispunct
strlen
iscntrl
iswupper
wcsftime
strcoll
fsetpos
fgetpos
towupper
memset
fwrite

comdlg32

PrintDlgA
FindTextA

oleaut32

LoadTypeLibEx

gdi32

SetMiterLimit
TextOutW
GetCharacterPlacementW
GetCurrentPositionEx
GdiComment
CreateCompatibleBitmap
CreateDIBSection
PlayEnhMetaFileRecord
GetViewportOrgEx
GetPaletteEntries
SetDCBrushColor
GetTextExtentPointA
ExcludeClipRect
GetObjectType
LPtoDP
PlayMetaFile
BeginPath
GetViewportExtEx
SetMapMode
GetGraphicsMode
StartDocW

lz32

LZSeek

kernel32

EndUpdateResourceA
GetVersion
LeaveCriticalSection
IsBadHugeReadPtr
HeapAlloc
FindAtomW
SetCurrentDirectoryW
WriteProfileStringW
FlushConsoleInputBuffer
CreateMutexW
GetPriorityClass
SetConsoleActiveScreenBuffer
WriteConsoleA
SetMailslotInfo
FindNextVolumeMountPointW
PeekNamedPipe
FindNextFileW
WritePrivateProfileSectionA
GetModuleHandleW
WTSGetActiveConsoleSessionId
GetProcessVersion
GetLogicalDrives
GetCPInfoExW
UnlockFile
GetFileInformationByHandle
GetMailslotInfo
DeleteTimerQueueEx
SetConsoleCursorPosition
GetProcAddress
GetModuleFileNameW
ReadConsoleA
LocalAlloc
GetConsoleMode
Thread32Next
FileTimeToLocalFileTime
GlobalFree
DeactivateActCtx
GetQueuedCompletionStatus
GetStartupInfoA
ResetEvent
GetThreadSelectorEntry
SetCommBreak
ClearCommError
FileTimeToDosDateTime
GetUserDefaultLCID
GlobalSize
GetThreadTimes
GetTickCount
LocalLock
GetExitCodeProcess
WaitForMultipleObjectsEx
FindCloseChangeNotification
FindAtomA
EscapeCommFunction
VirtualUnlock
GetTempFileNameA
SetFilePointer
GlobalHandle
GetCurrentConsoleFont
FindFirstFileA
GetNumberFormatW
FindVolumeMountPointClose
VerSetConditionMask

version

VerQueryValueA
GetFileVersionInfoA

ws2_32

ntohl
gethostbyname

urlmon

FaultInIEFeature

Sections

.text
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

269ebfb2e27e0cda8f72546c421ec5a2

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

ole32

advapi32

shlwapi

powrprof

shell32

user32

secur32

wininet

msvcrt

comdlg32

oleaut32

gdi32

lz32

kernel32

version

ws2_32

urlmon

Sections

.text Size: 808KB - Virtual size: 807KB

.rdata Size: 372KB - Virtual size: 370KB

.data Size: 100KB - Virtual size: 97KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 808KB - Virtual size: 807KB

.rdata
Size: 372KB - Virtual size: 370KB

.data
Size: 100KB - Virtual size: 97KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 44KB