7d703330401a1872c0d7c74199afdaff6d11bf7aa65d49e53732ed66220c18ba

Sharing

Copy URL

Twitter E-mail

General

Target

7d703330401a1872c0d7c74199afdaff6d11bf7aa65d49e53732ed66220c18ba
Size

300KB
MD5

1fbc313a8a218772370f94a8b6d3665e
SHA1

2dae86eda391fab6fdfa452c16399844649ea1a0
SHA256

7d703330401a1872c0d7c74199afdaff6d11bf7aa65d49e53732ed66220c18ba
SHA512

548a35828464c3fc1fac15b9fc10a7f5f55a624d821110b6885d5b0e25816f11c593d32ae989f525fc0eb8a7786999e50eb9a02acd8051355ebc13134687f969
SSDEEP

6144:RdGQ75x3D0LyDWK/Pn3ejQye8NaNv9vrTBM+7vxA4/1:RHD0WDWK/Gkye8NaNv9vrThh/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d703330401a1872c0d7c74199afdaff6d11bf7aa65d49e53732ed66220c18ba

Files

7d703330401a1872c0d7c74199afdaff6d11bf7aa65d49e53732ed66220c18ba
.dll windows x86

ccf5c5cddaa36f4d958dcf6f161f061f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSRWLock
SwitchToThread
Sleep
CreateEventA
lstrlenA
UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
SetEvent
WideCharToMultiByte
SizeofResource
ResetEvent
LockResource
CreateFileA
GetFileSize
MapViewOfFileEx
MultiByteToWideChar
GetProcAddress
CreateFileMappingA
GetModuleHandleA
GetTickCount
IsBadReadPtr
GetProcessHeap
LoadLibraryA
GetCurrentProcess
GetFileAttributesA
GetModuleFileNameW
FindFirstFileA
RemoveDirectoryA
FindClose
GetModuleFileNameA
FindNextFileA
DeleteFileA
SetPriorityClass
OpenProcess
CreateMutexA
ExitProcess
FreeLibrary
SetUnhandledExceptionFilter
Process32First
WriteFile
GetDriveTypeA
TerminateProcess
lstrcatA
InterlockedExchange
lstrcmpiA
Process32Next
GlobalMemoryStatusEx
GetSystemInfo
CreateToolhelp32Snapshot
OutputDebugStringA
GetDiskFreeSpaceExA
lstrcpyA
GetCurrentThread
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
SetFileAttributesA
GetVersionExA
ResumeThread
SetFilePointer
QueryDosDeviceA
TerminateThread
GetLogicalDriveStringsA
CreateThread
MapViewOfFile
ReadFile
VirtualAlloc
CreateFileW
WaitForSingleObject
GetModuleHandleW
DecodePointer
LocalFree
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetLastError
DeleteCriticalSection
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockShared
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InterlockedCompareExchange
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
CloseHandle
SetErrorMode
EncodePointer
FreeEnvironmentStringsW
RtlUnwind
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
VirtualProtect
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
LoadLibraryW
GetStartupInfoW
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
VirtualQuery
CreateProcessA

user32

GetThreadDesktop
OpenInputDesktop
CloseDesktop
SetThreadDesktop
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
DispatchMessageA
wsprintfA
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationA

advapi32

CloseEventLog
OpenEventLogA
ClearEventLogA
RegQueryValueA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathStripPathA
StrChrA

ws2_32

setsockopt
freeaddrinfo
WSASetLastError
WSAStringToAddressA
shutdown
send
htons
ntohs
WSAGetLastError
htonl
closesocket
ntohl
WSAIoctl
getsockname
gethostname
inet_addr
WSACloseEvent
connect
WSAStartup
WSAEnumNetworkEvents
WSAEventSelect
WSACleanup
recv
bind
socket
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
inet_ntop
getaddrinfo

iphlpapi

GetIfTable

psapi

GetProcessImageFileNameA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccf5c5cddaa36f4d958dcf6f161f061f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

iphlpapi

psapi

wininet

Sections

.text Size: 201KB - Virtual size: 201KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 201KB - Virtual size: 201KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 18KB - Virtual size: 18KB