7d1488961d0407f9095739824e5cff629afa067ed5e35403006e3cc0812c94a4

Sharing

Copy URL

Twitter E-mail

General

Target

7d1488961d0407f9095739824e5cff629afa067ed5e35403006e3cc0812c94a4
Size

1.5MB
MD5

379046f1fa4489686c19d45265609998
SHA1

0aae8f309766986ae8beb9d8ba14f8dd4047bf91
SHA256

7d1488961d0407f9095739824e5cff629afa067ed5e35403006e3cc0812c94a4
SHA512

6e3dd828f3119fdd75422119271d52032d5b7a338dd06b5db1e43478d3cc1f068f0cbe65c76a9076bde640fc501f6002eaa583f03a08ad1602f1e3f5f687c197
SSDEEP

24576:ErSt7WN5l12bUU3sollRPBLcEVLRn/1WZoh3oLCiiEPeXjTm4nZTUZWIHy0jSOhf:rtyNT14Rfc6h8C8yO4ZgW6NzHTojV2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d1488961d0407f9095739824e5cff629afa067ed5e35403006e3cc0812c94a4

Files

7d1488961d0407f9095739824e5cff629afa067ed5e35403006e3cc0812c94a4
.dll windows x86

951de3da45bc0c8ececf58805c64381c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAIoctl
socket
setsockopt
ntohs
htons
WSAStartup
getsockname
getpeername
connect
closesocket
bind
send
recv
ioctlsocket
WSASetLastError
select
__WSAFDIsSet
WSACleanup
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
gethostname
WSAGetLastError
htonl
ntohl
getsockopt

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
LockFile
SetEndOfFile
DuplicateHandle
UnlockFile
SetFilePointerEx
FlushFileBuffers
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
SetThreadPriority
Sleep
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentProcessId
OutputDebugStringA
GetModuleFileNameW
FormatMessageA
GetTickCount
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVersionExW
GetNativeSystemInfo
IsDebuggerPresent
WaitForSingleObject
RaiseException
CreateThread
GetCommandLineW
LocalFree
ExpandEnvironmentStringsW
CreateEventW
GetUserDefaultLangID
GetModuleHandleExW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryW
WaitForMultipleObjects
SetEvent
ResetEvent
GetSystemInfo
MapViewOfFile
CreateFileMappingW
CopyFileW
MoveFileExW
GetCurrentDirectoryW
CloseHandle
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
UnmapViewOfFile
GetFileAttributesW
FreeLibraryAndExitThread
ExitThread
InitializeCriticalSection
CreateFileW
GetTempPathW
RemoveDirectoryW
GetDiskFreeSpaceW
UnlockFileEx
CreateMutexW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
LoadLibraryExA
FormatMessageW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetSystemWow64DirectoryW
DeviceIoControl
CreateFileA
lstrcpyA
SetFilePointer
GetTickCount64
OpenProcess
GetSystemDirectoryW
GetComputerNameW
RtlUnwind
InterlockedFlushSList
GetFullPathNameW
GetFullPathNameA
SetStdHandle
GetConsoleCP
GetConsoleMode
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameA
ReadConsoleW
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetDriveTypeW
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringW
WaitForSingleObjectEx
HeapSize
GetEnvironmentVariableW
GetWindowsDirectoryW
LoadLibraryA
DeleteFileA
HeapCompact
HeapDestroy
CreateFileMappingA
LockFileEx
WriteFile
GetCurrentProcess
GetVolumeInformationW
ReadFile
CreateDirectoryW
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetFileSize
GetSystemTime
AreFileApisANSI
HeapCreate
PeekNamedPipe
ExpandEnvironmentStringsA
VerifyVersionInfoW
VerSetConditionMask
SleepEx
GetLastError
GetFileType

user32

PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
RegisterClassExW
WaitMessage
UnregisterClassW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
CallMsgFilterW

advapi32

CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SystemFunction036
ConvertSidToStringSidW
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountNameW
GetSidIdentifierAuthority
GetUserNameW

ole32

CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoUninitialize

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

shlwapi

StrIsIntlEqualA

iphlpapi

GetAdaptersInfo

crypt32

CertGetCertificateChain
CryptStringToBinaryW
CertAddCertificateContextToStore
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore

wldap32

ord79
ord133
ord147
ord301
ord27
ord26
ord142
ord118
ord167
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord145
ord127

Exports

Exports

DoWorks
GetHandleVerifier

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

951de3da45bc0c8ececf58805c64381c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

kernel32

user32

advapi32

ole32

winmm

shlwapi

iphlpapi

crypt32

wldap32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 9KB - Virtual size: 29KB

.gfids Size: 1024B - Virtual size: 856B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.rc Size: 92KB - Virtual size: 92KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 9KB - Virtual size: 29KB

.gfids
Size: 1024B - Virtual size: 856B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB

.rc
Size: 92KB - Virtual size: 92KB