aa1d7befa4fcc92a1ee07cd156ac14cfe1606e4470fbdfc4b029c83e677f0eb3

Sharing

Copy URL

Twitter E-mail

General

Target

aa1d7befa4fcc92a1ee07cd156ac14cfe1606e4470fbdfc4b029c83e677f0eb3
Size

142KB
MD5

a2c95b797bf74cf786b1613edd25f5e8
SHA1

c42b4722aa40609bf2a3a4ecf457bcfeca8b79ac
SHA256

aa1d7befa4fcc92a1ee07cd156ac14cfe1606e4470fbdfc4b029c83e677f0eb3
SHA512

8465e9b472dbd9436f2692ac4aa6e7238e3e937e2f3c15bf6068c0962299a7836bd36ded6ac5a108dc07143c5d066f13d01d7213c0b5bd95c1bb554ff0512999
SSDEEP

3072:PQwU/YRsY2vlXnHbQdBjBFpXPCYWMyrV6Hl:pRYvlXnHbc5zpKHMyY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa1d7befa4fcc92a1ee07cd156ac14cfe1606e4470fbdfc4b029c83e677f0eb3

Files

aa1d7befa4fcc92a1ee07cd156ac14cfe1606e4470fbdfc4b029c83e677f0eb3
.dll windows x64

bb68b9a73576c21de3adc566ab6ca478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsDirectoryW
PathMatchSpecW

rainmeter

RmReadFormula
RmPathToAbsolute
RmReadString

kernel32

FreeLibrary
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
GetConsoleOutputCP
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
WriteFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteConsoleW
LoadLibraryExW
EncodePointer
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
FlushFileBuffers

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb68b9a73576c21de3adc566ab6ca478

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rainmeter

kernel32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.data Size: 3KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 5KB

.idata Size: 3KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 568B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 124KB

.data
Size: 3KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 568B

.reloc
Size: 2KB - Virtual size: 1KB