931526634271d551c08ca6a84081c7e06f8d77b92d6fcdcdcd157c9ce00142c2

Sharing

Copy URL Twitter E-mail

General

Target

931526634271d551c08ca6a84081c7e06f8d77b92d6fcdcdcd157c9ce00142c2
Size

149KB
MD5

9ae1121dff6b5701ecf2d48ea2c42ec5
SHA1

ca7a7dd13d85cde8fe042288699402671b82aa46
SHA256

931526634271d551c08ca6a84081c7e06f8d77b92d6fcdcdcd157c9ce00142c2
SHA512

ed4466d35a95e1a03985bb8f551be5ec5a3b6da1998245fc580e27f4e4fc09a1c7dbd8b2c35d120f84c83b40f2f4ba0a9e9378f665ca1828f5dd14ec8cf8d251
SSDEEP

1536:yrV28VyHaC4/lezu71YRVbfLe8baczMpzZjE0dkCdaAQk4UIW9g+8ZvcCdj89:8ia/cmGbodkI14UI5+qjM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
931526634271d551c08ca6a84081c7e06f8d77b92d6fcdcdcd157c9ce00142c2

Files

931526634271d551c08ca6a84081c7e06f8d77b92d6fcdcdcd157c9ce00142c2
.dll windows x86

1a6ad9c4301cdd573ffac28c6598b038

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW

libgcc_s_dw2-1

__divdi3

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_errno
_initterm
_iob
_lock
_unlock
_write
abort
calloc
free
fwrite
memcpy
realloc
strlen
strncmp
vfprintf

libcrypto-3

ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_STRING_get0_data
ASN1_STRING_length
ASN1_TIME_to_tm
BIO_clear_flags
BIO_ctrl
BIO_free
BIO_free_all
BIO_get_data
BIO_get_init
BIO_get_new_index
BIO_get_shutdown
BIO_meth_new
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_write
BIO_new
BIO_new_mem_buf
BIO_s_mem
BIO_set_data
BIO_set_flags
BIO_set_init
BIO_set_shutdown
BIO_write
CRYPTO_get_ex_new_index
ERR_error_string_n
ERR_get_error
ERR_peek_last_error
ERR_reason_error_string
EVP_PKEY2PKCS8
EVP_PKEY_free
EVP_PKEY_up_ref
EVP_get_digestbyname
GENERAL_NAME_free
OBJ_find_sigid_algs
OBJ_nid2sn
OCSP_BASICRESP_free
OCSP_RESPONSE_free
OCSP_basic_verify
OCSP_check_validity
OCSP_resp_count
OCSP_resp_get0
OCSP_response_get1_basic
OCSP_response_status
OCSP_single_get0_status
OPENSSL_init_crypto
OPENSSL_sk_delete
OPENSSL_sk_free
OPENSSL_sk_new_null
OPENSSL_sk_num
OPENSSL_sk_pop_free
OPENSSL_sk_push
OPENSSL_sk_value
PEM_read_bio_PrivateKey
PEM_read_bio_X509
PEM_write_bio_PKCS8PrivateKey
PEM_write_bio_X509
PKCS12_free
PKCS12_parse
PKCS8_PRIV_KEY_INFO_free
X509_NAME_free
X509_NAME_hash_ex
X509_NAME_print_ex
X509_STORE_CTX_free
X509_STORE_CTX_get_error
X509_STORE_CTX_init
X509_STORE_CTX_new
X509_STORE_CTX_set0_trusted_stack
X509_STORE_CTX_set_flags
X509_STORE_add_cert
X509_STORE_free
X509_STORE_load_locations
X509_STORE_new
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_set1_host
X509_check_host
X509_check_ip
X509_digest
X509_dup
X509_free
X509_get0_notAfter
X509_get0_notBefore
X509_get_ext_d2i
X509_get_issuer_name
X509_get_signature_nid
X509_get_subject_name
X509_issuer_name_hash
X509_subject_name_hash
X509_verify_cert
d2i_OCSP_RESPONSE
d2i_PKCS12_bio
d2i_PrivateKey_bio
d2i_X509
d2i_X509_NAME
i2d_PKCS8_PRIV_KEY_INFO_bio
i2d_X509
i2d_X509_NAME

libgio-2.0-0

g_cancellable_cancel
g_cancellable_is_cancelled
g_cancellable_make_pollfd
g_cancellable_new
g_cancellable_release_fd
g_cancellable_reset
g_cancellable_set_error_if_cancelled
g_cancellable_source_new
g_datagram_based_condition_check
g_datagram_based_create_source
g_datagram_based_get_type
g_datagram_based_receive_messages
g_datagram_based_send_messages
g_dtls_client_connection_get_server_identity
g_dtls_client_connection_get_type
g_dtls_client_connection_get_validation_flags
g_dtls_connection_get_type
g_dtls_server_connection_get_type
g_inet_address_get_native_size
g_inet_address_new_from_bytes
g_inet_address_new_from_string
g_inet_address_to_bytes
g_inet_address_to_string
g_inet_socket_address_get_address
g_inet_socket_address_get_port
g_inet_socket_address_get_type
g_initable_get_type
g_initable_new
g_input_stream_close
g_input_stream_get_type
g_io_error_quark
g_io_extension_point_implement
g_io_extension_point_register
g_io_stream_close
g_io_stream_get_input_stream
g_io_stream_get_output_stream
g_network_address_get_hostname
g_network_address_get_type
g_network_service_get_domain
g_network_service_get_type
g_output_stream_close
g_output_stream_get_type
g_pollable_input_stream_can_poll
g_pollable_input_stream_create_source
g_pollable_input_stream_get_type
g_pollable_input_stream_is_readable
g_pollable_output_stream_can_poll
g_pollable_output_stream_create_source
g_pollable_output_stream_get_type
g_pollable_output_stream_is_writable
g_pollable_stream_read
g_pollable_stream_write
g_socket_connection_get_remote_address
g_socket_connection_get_type
g_task_get_source_object
g_task_get_source_tag
g_task_get_task_data
g_task_is_valid
g_task_new
g_task_propagate_boolean
g_task_return_boolean
g_task_return_error
g_task_return_new_error
g_task_run_in_thread
g_task_set_name
g_task_set_priority
g_task_set_source_tag
g_task_set_task_data
g_tls_backend_get_default
g_tls_backend_get_default_database
g_tls_backend_get_type
g_tls_certificate_get_issuer
g_tls_certificate_get_type
g_tls_certificate_list_new_from_file
g_tls_certificate_verify
g_tls_channel_binding_error_quark
g_tls_client_connection_get_server_identity
g_tls_client_connection_get_type
g_tls_client_connection_get_validation_flags
g_tls_connection_emit_accept_certificate
g_tls_connection_get_certificate
g_tls_connection_get_database
g_tls_connection_get_interaction
g_tls_connection_get_require_close_notify
g_tls_connection_get_type
g_tls_database_get_type
g_tls_database_verify_chain
g_tls_error_quark
g_tls_file_database_get_type
g_tls_interaction_invoke_ask_password
g_tls_interaction_invoke_request_certificate
g_tls_server_connection_get_type

libglib-2.0-0

g_ascii_strtoll
g_assertion_message_expr
g_build_filename
g_byte_array_append
g_byte_array_free
g_byte_array_free_to_bytes
g_byte_array_new
g_byte_array_new_take
g_byte_array_remove_range
g_byte_array_set_size
g_byte_array_sized_new
g_byte_array_unref
g_bytes_equal
g_bytes_get_data
g_bytes_get_size
g_bytes_hash
g_bytes_new
g_bytes_ref
g_bytes_unref
g_clear_error
g_compute_checksum_for_bytes
g_compute_checksum_for_data
g_cond_clear
g_cond_init
g_cond_signal
g_cond_wait
g_date_time_new
g_dgettext
g_error_copy
g_error_free
g_error_matches
g_error_new
g_filename_to_uri
g_free
g_get_monotonic_time
g_getenv
g_hash_table_destroy
g_hash_table_insert
g_hash_table_iter_init
g_hash_table_iter_next
g_hash_table_iter_remove
g_hash_table_lookup
g_hash_table_new_full
g_hash_table_remove
g_hash_table_size
g_hash_table_unref
g_hostname_is_ip_address
g_idle_source_new
g_int_equal
g_int_hash
g_intern_static_string
g_list_free
g_list_free_full
g_list_prepend
g_list_reverse
g_log_structured
g_log_structured_standard
g_main_context_invoke
g_main_context_is_owner
g_main_context_iteration
g_main_context_new
g_main_context_pop_thread_default
g_main_context_push_thread_default
g_main_context_ref_thread_default
g_main_context_unref
g_main_context_wakeup
g_malloc
g_malloc0
g_malloc_n
g_mutex_clear
g_mutex_init
g_mutex_lock
g_mutex_unlock
g_once_impl
g_once_init_enter
g_once_init_leave
g_path_is_absolute
g_poll
g_propagate_error
g_ptr_array_add
g_ptr_array_new_full
g_ptr_array_new_with_free_func
g_ptr_array_unref
g_queue_free_full
g_queue_new
g_queue_pop_head
g_queue_push_tail
g_return_if_fail_warning
g_set_error
g_set_error_literal
g_source_add_child_source
g_source_attach
g_source_destroy
g_source_is_destroyed
g_source_new
g_source_remove_child_source
g_source_set_callback
g_source_set_name
g_source_unref
g_str_equal
g_str_hash
g_strcmp0
g_strconcat
g_strdup
g_strdup_printf
g_strfreev
g_strndup
g_strsplit
g_strv_length
g_test_config_vars
g_thread_self
g_time_zone_new_utc
g_time_zone_unref
g_timeout_source_new
g_vasprintf
g_win32_get_package_installation_directory_of_module

libgobject-2.0-0

g_cclosure_marshal_generic
g_closure_invoke
g_io_condition_get_type
g_object_class_install_property
g_object_class_override_property
g_object_get
g_object_new
g_object_notify
g_object_ref
g_object_set
g_object_unref
g_param_spec_boolean
g_signal_connect_data
g_type_add_instance_private
g_type_add_interface_static
g_type_check_instance_is_a
g_type_class_adjust_private_offset
g_type_class_peek_parent
g_type_get_plugin
g_type_interface_peek_parent
g_type_module_add_interface
g_type_module_register_type
g_type_name
g_type_plugin_use
g_type_register_static_simple
g_value_dup_boxed
g_value_dup_object
g_value_dup_string
g_value_get_boolean
g_value_get_boxed
g_value_get_enum
g_value_get_flags
g_value_get_object
g_value_get_string
g_value_init
g_value_set_boolean
g_value_set_boxed
g_value_set_enum
g_value_set_flags
g_value_set_object
g_value_set_pointer
g_value_set_string
g_value_take_boxed
g_value_take_string
g_value_unset
g_weak_ref_clear
g_weak_ref_get
g_weak_ref_init
g_weak_ref_set

libintl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext

libssl-3

DTLS_client_method
DTLS_server_method
OPENSSL_init_ssl
SSL_CIPHER_get_name
SSL_CTX_add_session
SSL_CTX_clear_options
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_new
SSL_CTX_sess_set_new_cb
SSL_CTX_set1_param
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cipher_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_options
SSL_SESSION_dup
SSL_SESSION_free
SSL_SESSION_get_protocol_version
SSL_SESSION_new
SSL_SESSION_up_ref
SSL_ctrl
SSL_do_handshake
SSL_export_keying_material
SSL_free
SSL_get0_alpn_selected
SSL_get1_peer_certificate
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_finished
SSL_get_options
SSL_get_peer_cert_chain
SSL_get_peer_finished
SSL_get_session
SSL_key_update
SSL_new
SSL_read
SSL_renegotiate
SSL_select_next_proto
SSL_session_reused
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_connect_state
SSL_set_ex_data
SSL_set_session
SSL_set_verify
SSL_set_verify_depth
SSL_shutdown
SSL_use_PrivateKey
SSL_use_certificate
SSL_version
SSL_write
TLS_client_method
TLS_server_method

Exports

Exports

g_io_openssl_load
g_io_openssl_query
g_io_openssl_unload

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 304B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 145B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a6ad9c4301cdd573ffac28c6598b038

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

libgcc_s_dw2-1

kernel32

msvcrt

libcrypto-3

libgio-2.0-0

libglib-2.0-0

libgobject-2.0-0

libintl-8

libssl-3

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.data Size: 512B - Virtual size: 100B

.rdata Size: 16KB - Virtual size: 16KB

/4 Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 304B

.edata Size: 512B - Virtual size: 145B

.idata Size: 16KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 70KB - Virtual size: 70KB

.data
Size: 512B - Virtual size: 100B

.rdata
Size: 16KB - Virtual size: 16KB

/4
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 304B

.edata
Size: 512B - Virtual size: 145B

.idata
Size: 16KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 6KB - Virtual size: 6KB