d5aad58cb8ff7bafd465248bcd1fe3eea76f1a2810a6ff23fe384936f4ac5ae0

Sharing

Copy URL Twitter E-mail

General

Target

d5aad58cb8ff7bafd465248bcd1fe3eea76f1a2810a6ff23fe384936f4ac5ae0
Size

142KB
MD5

953d8d1bf87f861c126851ba8110081b
SHA1

b469f0ceed398e0449c5c7ab842c902a8d2c5639
SHA256

d5aad58cb8ff7bafd465248bcd1fe3eea76f1a2810a6ff23fe384936f4ac5ae0
SHA512

0ba58d890317bed593ab0a4e28e77c64e73b90aefdfb9d9c11d0e06377f345bb36bd223be33356cd0f60d4485818c72d0dcadf87444666227e1bbfd792227eb4
SSDEEP

1536:pASIOWk4Hsh937uKddkOFbjmIkas10edpHXH6:pAjkrtCKddkFzCQxa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5aad58cb8ff7bafd465248bcd1fe3eea76f1a2810a6ff23fe384936f4ac5ae0

Files

d5aad58cb8ff7bafd465248bcd1fe3eea76f1a2810a6ff23fe384936f4ac5ae0
.dll windows x86

27eea8d1b9d2f4d3b321b57236583898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgcc_s_dw2-1

__divdi3
__udivdi3

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_errno
_initterm
_iob
_lock
_unlock
_write
abort
calloc
free
fwrite
memcpy
memset
realloc
strlen
strncmp
vfprintf

libgio-2.0-0

g_cancellable_cancel
g_cancellable_is_cancelled
g_cancellable_make_pollfd
g_cancellable_new
g_cancellable_release_fd
g_cancellable_reset
g_cancellable_set_error_if_cancelled
g_cancellable_source_new
g_datagram_based_condition_check
g_datagram_based_create_source
g_datagram_based_get_type
g_datagram_based_receive_messages
g_datagram_based_send_messages
g_dtls_client_connection_get_server_identity
g_dtls_client_connection_get_type
g_dtls_client_connection_get_validation_flags
g_dtls_connection_get_type
g_dtls_server_connection_get_type
g_inet_address_new_from_bytes
g_inet_address_to_string
g_inet_socket_address_get_address
g_inet_socket_address_get_port
g_inet_socket_address_get_type
g_initable_get_type
g_initable_new
g_input_stream_close
g_input_stream_get_type
g_io_error_quark
g_io_extension_point_implement
g_io_extension_point_register
g_io_stream_close
g_io_stream_get_input_stream
g_io_stream_get_output_stream
g_network_address_get_hostname
g_network_address_get_type
g_network_service_get_domain
g_network_service_get_type
g_output_stream_close
g_output_stream_get_type
g_pollable_input_stream_can_poll
g_pollable_input_stream_create_source
g_pollable_input_stream_get_type
g_pollable_input_stream_is_readable
g_pollable_output_stream_can_poll
g_pollable_output_stream_create_source
g_pollable_output_stream_get_type
g_pollable_output_stream_is_writable
g_pollable_stream_read
g_pollable_stream_write
g_socket_connection_get_remote_address
g_socket_connection_get_type
g_task_get_source_object
g_task_get_source_tag
g_task_get_task_data
g_task_is_valid
g_task_new
g_task_propagate_boolean
g_task_return_boolean
g_task_return_error
g_task_return_new_error
g_task_run_in_thread
g_task_set_name
g_task_set_priority
g_task_set_source_tag
g_task_set_task_data
g_tls_backend_get_default
g_tls_backend_get_default_database
g_tls_backend_get_type
g_tls_certificate_get_issuer
g_tls_certificate_get_type
g_tls_certificate_verify
g_tls_channel_binding_error_quark
g_tls_client_connection_get_server_identity
g_tls_client_connection_get_type
g_tls_client_connection_get_validation_flags
g_tls_connection_emit_accept_certificate
g_tls_connection_get_certificate
g_tls_connection_get_database
g_tls_connection_get_interaction
g_tls_connection_get_require_close_notify
g_tls_connection_get_type
g_tls_database_get_type
g_tls_database_verify_chain
g_tls_error_quark
g_tls_file_database_get_type
g_tls_interaction_invoke_ask_password
g_tls_interaction_invoke_request_certificate
g_tls_password_get_value
g_tls_password_new
g_tls_server_connection_get_type

libglib-2.0-0

g_assertion_message_expr
g_build_filename
g_byte_array_append
g_byte_array_free
g_byte_array_free_to_bytes
g_byte_array_new
g_byte_array_new_take
g_byte_array_ref
g_byte_array_remove_range
g_byte_array_sized_new
g_byte_array_steal
g_byte_array_unref
g_bytes_equal
g_bytes_get_data
g_bytes_get_size
g_bytes_hash
g_bytes_new
g_bytes_new_static
g_bytes_new_with_free_func
g_bytes_ref
g_bytes_unref
g_clear_error
g_compute_checksum_for_bytes
g_compute_checksum_for_data
g_cond_clear
g_cond_init
g_cond_signal
g_cond_wait
g_date_time_new_from_unix_utc
g_dgettext
g_error_copy
g_error_free
g_error_matches
g_error_new
g_filename_to_uri
g_free
g_get_monotonic_time
g_getenv
g_hash_table_destroy
g_hash_table_insert
g_hash_table_iter_init
g_hash_table_iter_next
g_hash_table_iter_remove
g_hash_table_lookup
g_hash_table_new_full
g_hash_table_remove
g_hash_table_size
g_hash_table_unref
g_hostname_is_ip_address
g_idle_source_new
g_intern_static_string
g_list_free_full
g_list_prepend
g_list_reverse
g_log_structured
g_log_structured_standard
g_main_context_invoke
g_main_context_is_owner
g_main_context_iteration
g_main_context_new
g_main_context_pop_thread_default
g_main_context_push_thread_default
g_main_context_ref_thread_default
g_main_context_unref
g_main_context_wakeup
g_malloc
g_malloc0
g_malloc_n
g_mutex_clear
g_mutex_init
g_mutex_lock
g_mutex_unlock
g_once_impl
g_once_init_enter
g_once_init_leave
g_path_is_absolute
g_poll
g_propagate_error
g_propagate_prefixed_error
g_ptr_array_add
g_ptr_array_new_full
g_ptr_array_new_with_free_func
g_ptr_array_unref
g_queue_free_full
g_queue_new
g_queue_pop_head
g_queue_push_tail
g_return_if_fail_warning
g_set_error
g_set_error_literal
g_source_add_child_source
g_source_attach
g_source_destroy
g_source_is_destroyed
g_source_new
g_source_remove_child_source
g_source_set_callback
g_source_set_name
g_source_unref
g_str_equal
g_str_hash
g_strcmp0
g_strconcat
g_strdup
g_strdup_printf
g_strdupv
g_strfreev
g_strndup
g_strv_length
g_test_config_vars
g_thread_self
g_timeout_source_new
g_vasprintf
g_warn_message
g_win32_get_package_installation_directory_of_module

libgnutls-30

gnutls_alert_get
gnutls_alert_get_name
gnutls_alpn_get_selected_protocol
gnutls_alpn_set_protocols
gnutls_bye
gnutls_certificate_allocate_credentials
gnutls_certificate_free_credentials
gnutls_certificate_get_peers
gnutls_certificate_server_set_request
gnutls_certificate_set_retrieve_function2
gnutls_certificate_set_trust_list
gnutls_certificate_type_get
gnutls_certificate_verify_peers3
gnutls_ciphersuite_get
gnutls_credentials_set
gnutls_deinit
gnutls_dtls_get_data_mtu
gnutls_dtls_set_mtu
gnutls_dtls_set_timeouts
gnutls_free
gnutls_global_init
gnutls_handshake
gnutls_handshake_set_hook_function
gnutls_handshake_set_timeout
gnutls_init
gnutls_packet_deinit
gnutls_packet_get
gnutls_pcert_deinit
gnutls_pcert_import_x509
gnutls_pkcs12_deinit
gnutls_pkcs12_import
gnutls_pkcs12_init
gnutls_pkcs12_simple_parse
gnutls_pkcs12_verify_mac
gnutls_priority_init2
gnutls_priority_set
gnutls_privkey_deinit
gnutls_privkey_export_x509
gnutls_privkey_import_url
gnutls_privkey_import_x509
gnutls_privkey_import_x509_raw
gnutls_privkey_init
gnutls_privkey_set_pin_function
gnutls_protocol_get_version
gnutls_record_cork
gnutls_record_recv
gnutls_record_recv_packet
gnutls_record_send
gnutls_record_uncork
gnutls_rehandshake
gnutls_safe_renegotiation_status
gnutls_server_name_set
gnutls_session_channel_binding
gnutls_session_get_data2
gnutls_session_get_ptr
gnutls_session_is_resumed
gnutls_session_set_data
gnutls_session_set_ptr
gnutls_session_set_verify_function
gnutls_strerror
gnutls_transport_get_ptr
gnutls_transport_set_errno
gnutls_transport_set_ptr
gnutls_transport_set_pull_function
gnutls_transport_set_pull_timeout_function
gnutls_transport_set_push_function
gnutls_transport_set_vec_push_function
gnutls_x509_crt_check_hostname
gnutls_x509_crt_check_issuer
gnutls_x509_crt_deinit
gnutls_x509_crt_export
gnutls_x509_crt_export2
gnutls_x509_crt_get_activation_time
gnutls_x509_crt_get_expiration_time
gnutls_x509_crt_get_issuer
gnutls_x509_crt_get_raw_dn
gnutls_x509_crt_get_raw_issuer_dn
gnutls_x509_crt_get_subject
gnutls_x509_crt_get_subject_alt_name2
gnutls_x509_crt_import
gnutls_x509_crt_import_url
gnutls_x509_crt_init
gnutls_x509_crt_list_verify
gnutls_x509_dn_get_str
gnutls_x509_privkey_deinit
gnutls_x509_privkey_export_pkcs8
gnutls_x509_trust_list_add_system_trust
gnutls_x509_trust_list_add_trust_file
gnutls_x509_trust_list_deinit
gnutls_x509_trust_list_init
gnutls_x509_trust_list_iter_get_ca
gnutls_x509_trust_list_verify_crt

libgobject-2.0-0

g_cclosure_marshal_generic
g_closure_invoke
g_io_condition_get_type
g_object_class_install_property
g_object_class_override_property
g_object_get
g_object_new
g_object_notify
g_object_ref
g_object_set
g_object_unref
g_param_spec_boolean
g_signal_connect_data
g_type_add_instance_private
g_type_add_interface_static
g_type_check_instance_is_a
g_type_class_adjust_private_offset
g_type_class_peek_parent
g_type_get_plugin
g_type_interface_peek_parent
g_type_module_add_interface
g_type_module_register_type
g_type_name
g_type_plugin_use
g_type_register_static_simple
g_value_dup_boxed
g_value_dup_object
g_value_dup_string
g_value_get_boolean
g_value_get_boxed
g_value_get_enum
g_value_get_flags
g_value_get_object
g_value_get_string
g_value_init
g_value_set_boolean
g_value_set_boxed
g_value_set_enum
g_value_set_flags
g_value_set_object
g_value_set_pointer
g_value_set_string
g_value_take_boxed
g_value_take_string
g_value_unset
g_weak_ref_clear
g_weak_ref_get
g_weak_ref_init
g_weak_ref_set

libintl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext
libintl_ngettext

Exports

Exports

g_io_gnutls_load
g_io_gnutls_query
g_io_gnutls_unload

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 304B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 141B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27eea8d1b9d2f4d3b321b57236583898

Headers

DLL Characteristics

File Characteristics

Imports

libgcc_s_dw2-1

kernel32

msvcrt

libgio-2.0-0

libglib-2.0-0

libgnutls-30

libgobject-2.0-0

libintl-8

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 92B

.rdata Size: 16KB - Virtual size: 16KB

/4 Size: 14KB - Virtual size: 14KB

.bss Size: - Virtual size: 304B

.edata Size: 512B - Virtual size: 141B

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 92B

.rdata
Size: 16KB - Virtual size: 16KB

/4
Size: 14KB - Virtual size: 14KB

.bss
Size: - Virtual size: 304B

.edata
Size: 512B - Virtual size: 141B

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 6KB - Virtual size: 6KB