7e1553acb98272a5bbfbb6aa184cc27608c4fd4f814f0e001f08d717bd17c12b

Sharing

Copy URL

Twitter E-mail

General

Target

7e1553acb98272a5bbfbb6aa184cc27608c4fd4f814f0e001f08d717bd17c12b
Size

668KB
MD5

c680e07365f1ca1aa0087d0590de31a5
SHA1

7f5aa939bd87f5087a2ded2d7b5410898f884b2d
SHA256

7e1553acb98272a5bbfbb6aa184cc27608c4fd4f814f0e001f08d717bd17c12b
SHA512

e0f9dd98f96c021d1cb4e93a32d843605687a5c64afa9b932f2458cd4aaabbe030b3942df244a9bc695f63b7a0349f0952c7994d0dcd30e0d3e24d7ca344eced
SSDEEP

12288:3On+BtVAtx/4qhg7C5SI+ytlBjo1NQufKqZODv66tXGobKSqit2/:3u+BrO/ReC5SIltlB6qu3ZODScXGwq9/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e1553acb98272a5bbfbb6aa184cc27608c4fd4f814f0e001f08d717bd17c12b

Files

7e1553acb98272a5bbfbb6aa184cc27608c4fd4f814f0e001f08d717bd17c12b
.dll windows x64

8828e30762a4330061e80787773d24df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

socket
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError

wldap32

ord219
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145

kernel32

GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetFileSizeEx
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
DebugBreak
OutputDebugStringA
GetOEMCP
DeleteCriticalSection
CreateFileA
SetFilePointer
WriteFile
lstrlenA
CloseHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
Sleep
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
VerifyVersionInfoW
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
GetLastError
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
SetLastError
FormatMessageA
MultiByteToWideChar
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
SetEndOfFile
HeapSize
WriteConsoleW
RtlUnwind
InitializeCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetFilePointerEx
ExitProcess

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceA
DeregisterEventSource

Exports

Exports

RegisterModule

Sections

.text
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8828e30762a4330061e80787773d24df

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 493KB - Virtual size: 492KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 493KB - Virtual size: 492KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB