a9c277668ff6d9fc47c396f52f5d687b49f1555831b3f66a73f18b2e3aa0bb48

Sharing

Copy URL Twitter E-mail

General

Target

a9c277668ff6d9fc47c396f52f5d687b49f1555831b3f66a73f18b2e3aa0bb48
Size

244KB
MD5

3ae94369b1a4216cedc3f657ce21cea4
SHA1

ad85a6e3b0a8dc314ea3a07a2cdd9e00b997c4e2
SHA256

a9c277668ff6d9fc47c396f52f5d687b49f1555831b3f66a73f18b2e3aa0bb48
SHA512

6025f22ef4147de9518528d459832a5ae729533ae77996e595714b20414b533f3175228cb9b18c8f5d3af88c4321445d782196b2a2aa011caeea026bba10cdb3
SSDEEP

3072:qA4GJlmZECD06qLREnFOBCUcHW7Bfyyj/C51hhfJ:qAbJlmZAlLREnFOBNcHW7BRG51/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9c277668ff6d9fc47c396f52f5d687b49f1555831b3f66a73f18b2e3aa0bb48

Files

a9c277668ff6d9fc47c396f52f5d687b49f1555831b3f66a73f18b2e3aa0bb48
.dll windows x86

ced924649df64249e63114c0ac88ac0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

ord219
SHStrDupW

ole32

CoTaskMemFree
CoTaskMemAlloc

user32

LoadBitmapW

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrlenW
GetLastError
OutputDebugStringW
GetComputerNameW
CloseHandle
FreeLibrary
Sleep
GetPrivateProfileIntW
GetProcAddress
GetCurrentThreadId
CreateThread
HeapFree
GetProcessHeap
ReleaseMutex
WaitForSingleObject
CreateMutexW
lstrlenA
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
LocalAlloc
HeapAlloc
GetFileAttributesW
GetCurrentProcessId
LoadLibraryW
GetSystemTimeAsFileTime
GetLocalTime
EncodePointer
LocalFree
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

msvcr100

__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
fwrite
fopen
fclose
_vsnwprintf
__CxxFrameHandler3
malloc
??2@YAPAXI@Z
_purecall
memcpy
memset
??3@YAXPAX@Z
wcscpy_s
_swprintf

netapi32

NetApiBufferFree
NetUserEnum

secur32

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage

advapi32

CredProtectW
CredIsProtectedW

credui

CredUnPackAuthenticationBufferW
CredPackAuthenticationBufferW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ced924649df64249e63114c0ac88ac0f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ole32

user32

kernel32

msvcr100

netapi32

secur32

advapi32

credui

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 185KB - Virtual size: 184KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 185KB - Virtual size: 184KB

.reloc
Size: 2KB - Virtual size: 2KB