12bd1a593ef114f71749fe0167f795ac9b598a62dd1c19488152d02f32addfac

Sharing

Copy URL Twitter E-mail

General

Target

12bd1a593ef114f71749fe0167f795ac9b598a62dd1c19488152d02f32addfac
Size

216KB
MD5

e0d7d46305cb4e28ef54dec8a3487349
SHA1

ed2db8c1da102c568d592fd61d36f41ca87c5ff6
SHA256

12bd1a593ef114f71749fe0167f795ac9b598a62dd1c19488152d02f32addfac
SHA512

b82414d8a8a903ff1164ec31eb872d4f49440b7bcf22434932fbe636f2135351812440646fa496a25c77aab6981e61c7dac2e5fb90d4175871be65ddd34bcdca
SSDEEP

3072:sLnN9m5Ml8FSBWkD4SWHt+QSPLrd8QaHjItAXy4c5QjLhUaOooHs:sLLmYjZWHqPLrpC44tjLj4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12bd1a593ef114f71749fe0167f795ac9b598a62dd1c19488152d02f32addfac

Files

12bd1a593ef114f71749fe0167f795ac9b598a62dd1c19488152d02f32addfac
.dll windows x64

4ec839832658ca2da17ac54c2689b761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

EnumProcesses
GetModuleFileNameExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

TerminateProcess
WaitForSingleObject
CreateProcessW
GetCurrentProcessId
GetCurrentThread
SetLastError
DeleteFileW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
InitializeCriticalSection
EnterCriticalSection
OpenProcess
CreateFileW
WriteFile
PulseEvent
FlushFileBuffers
CreateEventW
SetEndOfFile
CreateFileA
LoadLibraryA
HeapReAlloc
GetLocaleInfoA
GlobalAlloc
GlobalLock
CloseHandle
GlobalUnlock
GlobalFree
GetModuleFileNameW
FindFirstFileW
FindClose
GetTempPathW
GetLastError
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
LeaveCriticalSection
RtlUnwindEx
GetStringTypeW
WideCharToMultiByte
HeapFree
CreateDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
SetEnvironmentVariableA
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetConsoleCP
GetConsoleMode
HeapAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetTimeZoneInformation
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA

user32

MessageBoxA
MessageBoxW

winspool.drv

SetJobW
ClosePrinter
OpenPrinterW
GetJobW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
ImpersonateSelf
RevertToSelf
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
DuplicateTokenEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteValueW

Exports

Exports

DllMain
InitializePrintMonitor
ShowMessage
ShowMessageW

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ec839832658ca2da17ac54c2689b761

Headers

File Characteristics

Imports

psapi

userenv

kernel32

user32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 78KB - Virtual size: 77KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 78KB - Virtual size: 77KB

.reloc
Size: 1KB - Virtual size: 1KB