fe17329fcfab51f9ed91ebf7c5efbb815ad7e1cb07264a006c06ad82a24ab309

Sharing

Copy URL Twitter E-mail

General

Target

fe17329fcfab51f9ed91ebf7c5efbb815ad7e1cb07264a006c06ad82a24ab309
Size

3.2MB
MD5

01cff588fcf414bb02aba7ea962b255b
SHA1

b087571eb83fefd94ff6255f4e8456388dfd7ee4
SHA256

fe17329fcfab51f9ed91ebf7c5efbb815ad7e1cb07264a006c06ad82a24ab309
SHA512

4431f553934b82d8c48cb9c31b2193da78ff8e0fb975d7599eb69237e9132a1e6538d32a88c7c517f691b4ce97a0a8939c673aa2f08f35efe4733c854b37703d
SSDEEP

49152:VZY5OEIz5x9SjS1/O8Z6FhlL9AaPA+240wmq/OP+sxbvJgz2Agrq91Whg7pcwDqh:TEezSjS1/JsBLyi/OPtxbEmhoNDqW4z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe17329fcfab51f9ed91ebf7c5efbb815ad7e1cb07264a006c06ad82a24ab309

Files

fe17329fcfab51f9ed91ebf7c5efbb815ad7e1cb07264a006c06ad82a24ab309
.dll windows x86

830e8eb85ae1a210eddd12d0c6419f0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetCurrentProcess
SetThreadPriority
GetCurrentThread
LoadLibraryW
GetTickCount
FreeResource
DeviceIoControl
GetFileSize
FlushFileBuffers
SetLastError
GetVersionExW
GetThreadLocale
SetThreadLocale
GetVersion
GetCurrentThreadId
GetSystemTime
SystemTimeToFileTime
SetEndOfFile
MoveFileExW
SetFileAttributesW
GetSystemInfo
GetWindowsDirectoryW
GetSystemDirectoryW
lstrlenW
lstrlenA
GetFileAttributesExW
GetNativeSystemInfo
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
FormatMessageA
InitializeCriticalSection
lstrcmpA
FileTimeToSystemTime
SleepEx
GetStdHandle
GetFileType
GetModuleHandleA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoW
FindNextFileA
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
IsDebuggerPresent
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
ReadFile
FindFirstFileExA
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetModuleFileNameA
FindFirstFileW
GetStartupInfoW
CreatePipe
WaitForSingleObject
CreateProcessW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
GetTempPathW
DeleteFileW
Sleep
LocalFree
CreateThread
WriteFile
OutputDebugStringW
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntW
CloseHandle
CreateFileW
FindResourceExW
LockResource
WritePrivateProfileStringW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
FreeLibrary
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
GetLastError
MultiByteToWideChar
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
HeapFree
SizeofResource
TerminateProcess
WideCharToMultiByte
DuplicateHandle
WaitForSingleObjectEx
TryEnterCriticalSection
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
CreateDirectoryW
MoveFileW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
RemoveDirectoryW
FindClose
FindNextFileW
IsValidCodePage
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
WriteConsoleW
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead

user32

CharLowerBuffW
KillTimer
SetTimer
GetWindowLongW
GetProcessWindowStation
ShowWindow
SetWindowLongW
CreateWindowExW
RegisterClassExW
IsWindow
DestroyWindow
GetUserObjectInformationW
PostMessageW
wsprintfW
DefWindowProcW
CharNextW
MessageBoxA

advapi32

GetSidSubAuthority
ReportEventA
RegisterEventSourceA
DeregisterEventSource
ConvertSidToStringSidW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameW
GetUserNameW
DeleteService
ControlService
RegEnumKeyW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteW
CommandLineToArgvW
SHCreateDirectoryExW
SHChangeNotify
SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoInitializeSecurity
OleRun
CoInitialize
CoTaskMemRealloc

oleaut32

LoadTypeLi
SysStringLen
VariantClear
VariantCopy
LoadRegTypeLi
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
GetErrorInfo

shlwapi

PathIsRootW
PathIsDirectoryW
PathSearchAndQualifyW
SHGetValueW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
PathRemoveBackslashW
PathRemoveFileSpecW
wnsprintfA
StrCmpIW
PathRemoveExtensionW
PathAppendW
PathCombineW
PathFindFileNameW
PathFileExistsW

comctl32

InitCommonControlsEx

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW

psapi

GetModuleFileNameExW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

ws2_32

ntohs
htons
getsockopt
getsockname
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
setsockopt
ioctlsocket
gethostname
shutdown
htonl
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSAIoctl
socket
WSACleanup
WSAStartup
getservbyname
gethostbyname

wldap32

ord127
ord167
ord142
ord27
ord133
ord147
ord301
ord145
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord79

secur32

GetUserNameExW

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

Exports

Exports

BasicEntry
DESTFUNCTION

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.0MB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

830e8eb85ae1a210eddd12d0c6419f0c

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

psapi

crypt32

ws2_32

wldap32

secur32

netapi32

iphlpapi

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 451KB - Virtual size: 450KB

.data Size: 47KB - Virtual size: 89KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 14.0MB - Virtual size: 14.0MB

.reloc Size: 79KB - Virtual size: 78KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 451KB - Virtual size: 450KB

.data
Size: 47KB - Virtual size: 89KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14.0MB - Virtual size: 14.0MB

.reloc
Size: 79KB - Virtual size: 78KB