ee9147098d2f176374487ef0c1a1bb82c95b365f512e07a63a82239f82e70de5

Sharing

Copy URL Twitter E-mail

General

Target

ee9147098d2f176374487ef0c1a1bb82c95b365f512e07a63a82239f82e70de5
Size

2.8MB
MD5

a20751e4fe09857a09cd4978dc25975c
SHA1

639f8f07980522aab3046bf05901df4eab139996
SHA256

ee9147098d2f176374487ef0c1a1bb82c95b365f512e07a63a82239f82e70de5
SHA512

d05569e920de53cec1dedac89904858421dda2240fe1f3c2372f1c449c954375ffeee353da100429b59b5c54c8720ec53fd8c0e6c5f64d7eba8e45c3d58fc139
SSDEEP

49152:GnQM+Z8IrsZHfVFOiRCijZm9Sqh7mdsI3ozug+ZDPrcwEmsZ:GQvKtBRbqasI3o0DPr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee9147098d2f176374487ef0c1a1bb82c95b365f512e07a63a82239f82e70de5

Files

ee9147098d2f176374487ef0c1a1bb82c95b365f512e07a63a82239f82e70de5
.dll windows x86

63100de7f18b28af9037f9b2be404b8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
CreateThread
SetEvent
IsBadReadPtr
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetVersionExW
MultiByteToWideChar
CreateMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateFileMappingW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
GetLocalTime
OpenProcess
GetStartupInfoW
CreateProcessW
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
SetFilePointer
HeapAlloc
CreateRemoteThread
GetCurrentProcess
Sleep
OutputDebugStringW
GetTempPathW
WriteFile
SetEndOfFile
ReadFile
GetFileSize
CreateEventW
CreateFileA
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
HeapReAlloc
WideCharToMultiByte
DeleteFileW
LoadLibraryW
FreeLibrary
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
FlushFileBuffers
GetSystemWindowsDirectoryW
InterlockedCompareExchange
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
InitializeSListHead
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
ResumeThread
GetTempFileNameW
GetVersion
ExitProcess
GetACP
lstrcmpW
FreeResource
MulDiv
FindNextFileA
FindClose
ReleaseMutex
LocalFree
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
OpenFileMappingW
GetFileSizeEx
CreateFileW
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

PostQuitMessage
IsWindowVisible
IsIconic
GetWindowTextW
EnumWindows
GetClassNameW
SetWinEventHook
IsWindow
AttachThreadInput
PostMessageW
wsprintfW
PostThreadMessageW
PeekMessageW
GetMessageW
SetWindowLongW
GetWindowLongW
ScreenToClient
SetTimer
EnumDisplayMonitors
GetMonitorInfoW
GetWindowThreadProcessId
FindWindowW
PtInRect
CopyRect
GetCursorPos
GetWindowRect
SetForegroundWindow
GetForegroundWindow
BringWindowToTop
SetWindowPos
SendMessageW
CreateWindowExW
IsChild
DestroyWindow
UpdateLayeredWindow
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
GetParent
MoveWindow
MonitorFromWindow
GetWindow
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
LoadCursorW
LoadImageW
MonitorFromPoint
CharPrevW
DrawTextW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
wvsprintfW
SetCursor
InflateRect
OffsetRect
SetWindowRgn
MessageBoxW
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
SetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
FillRect
RemovePropW
FindWindowExW
IsWindowEnabled
DefWindowProcW

advapi32

RegGetValueW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegEnumKeyExA

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CoCreateGuid

oleaut32

VariantInit
SysAllocString
SafeArrayCreate
SafeArrayPutElement
VariantClear

shlwapi

StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
SHAutoComplete
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathAppendW
PathCombineW
PathFileExistsW
StrCmpIW
SHGetValueW
PathFindFileNameW
PathIsDirectoryW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

VerQueryValueW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

gdiplus

GdipDrawEllipseI
GdipLoadImageFromFile
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipAddPathArc
GdipBitmapLockBits
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipFillPath
GdipGraphicsClear
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipGetPropertyItemSize

msimg32

AlphaBlend
GradientFill

comctl32

_TrackMouseEvent
ImageList_DrawEx
InitCommonControlsEx
ord17

gdi32

BitBlt
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
GetDeviceCaps
CombineRgn
CreateRectRgnIndirect
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateDCW
GetDIBits
SetDIBitsToDevice
CreateSolidBrush
CreateCompatibleBitmap

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63100de7f18b28af9037f9b2be404b8c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

version

wininet

iphlpapi

crypt32

wintrust

gdiplus

msimg32

comctl32

gdi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 266KB - Virtual size: 265KB

.data Size: 24KB - Virtual size: 42KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 71KB - Virtual size: 71KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 266KB - Virtual size: 265KB

.data
Size: 24KB - Virtual size: 42KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 71KB - Virtual size: 71KB