a74450e5df11391d4a9e5968825421ea60209d2638437f35252c0b2488e3e54f

Sharing

Copy URL Twitter E-mail

General

Target

a74450e5df11391d4a9e5968825421ea60209d2638437f35252c0b2488e3e54f
Size

1.9MB
MD5

0696e70b214e5baba6bf4b62898c6d4f
SHA1

42deace93d1ff302e9cf3c19d43d4318efde7363
SHA256

a74450e5df11391d4a9e5968825421ea60209d2638437f35252c0b2488e3e54f
SHA512

0b69cb9c6dfc7a5aeb1b536997f02c1a49003d123fd360e7a739ac347fb74e887f6da1d025a6915623624d5639329c2e5e8f1dff09b2a0a660fe319a3eeba225
SSDEEP

49152:z+W7NG0PPyBjpwSqh7mdsI3ozug+ZDP0YP:y2GcPSqasI3o0DP0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a74450e5df11391d4a9e5968825421ea60209d2638437f35252c0b2488e3e54f

Files

a74450e5df11391d4a9e5968825421ea60209d2638437f35252c0b2488e3e54f
.dll windows x86

29e32c33898a4b4ed19b130f9da46739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrcpyW
DeleteFileW
LoadLibraryW
FreeLibrary
WaitForMultipleObjects
CreateEventW
SetEvent
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
CreateFileA
MapViewOfFile
CreateFileMappingW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
WaitForSingleObject
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetVersionExW
MultiByteToWideChar
CreateMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
CreateThread
HeapFree
HeapReAlloc
HeapAlloc
GetStartupInfoW
CreateProcessW
GetCurrentThread
GetCurrentProcess
Sleep
OutputDebugStringW
WriteFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
HeapSize
SetEndOfFile
ReadFile
UnmapViewOfFile
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
FlushFileBuffers
GetSystemWindowsDirectoryW
InterlockedCompareExchange
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
InitializeSListHead
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetACP
FreeResource
FindNextFileA
FindClose
ReleaseMutex
LocalFree
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
OpenFileMappingW
GetFileSizeEx
CreateFileW
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
EncodePointer
SetLastError
TlsAlloc
TlsGetValue

user32

wsprintfW
PostThreadMessageW
PeekMessageW
GetMessageW
GetWindowThreadProcessId
FindWindowW

advapi32

RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegGetValueW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateGuid

shlwapi

StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathAppendW
PathCombineW
PathFileExistsW
SHGetValueW
PathIsDirectoryW
StrCmpIW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

VerQueryValueW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29e32c33898a4b4ed19b130f9da46739

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

urlmon

version

wininet

iphlpapi

crypt32

wintrust

Sections

.text Size: 542KB - Virtual size: 541KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 542KB - Virtual size: 541KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 28KB - Virtual size: 28KB