5ba9865150be6e32147d99e97c48aaff8b45075248ad2c1ff438756fc1532360

Sharing

Copy URL Twitter E-mail

General

Target

5ba9865150be6e32147d99e97c48aaff8b45075248ad2c1ff438756fc1532360
Size

2.3MB
MD5

261da83bf3e6527006a504e4036bf6d4
SHA1

587ee614a22f524ae7551379cb09bb6ce4a544be
SHA256

5ba9865150be6e32147d99e97c48aaff8b45075248ad2c1ff438756fc1532360
SHA512

c17d8564a28655a91086476f7e2dc88e5186b1bfe7d7a8bdc13b55d29708838aadd10e740d79b5f336a614d4714fd6b0d69a626645ef90649cf398cd672965af
SSDEEP

49152:q206oJd9igCAWx2AaX+QL/uyMcROggggMopasB36uVjg8VGm/nBMoV7XBCtPcCNO:qLd9igCTFQDuyAp1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ba9865150be6e32147d99e97c48aaff8b45075248ad2c1ff438756fc1532360

Files

5ba9865150be6e32147d99e97c48aaff8b45075248ad2c1ff438756fc1532360
.dll windows x86

5366be6ca0ee589c789386dc897c5dd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFileTime
SetFilePointer
SetEndOfFile
CloseHandle
GetFileSize
CreateDirectoryW
GetFullPathNameW
lstrlenW
GetTempPathW
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GetTempFileNameW
MoveFileW
FindNextFileW
FindClose
GetVersionExW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
WaitForMultipleObjects
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
WriteFile
GetCurrentProcess
SetThreadPriority
CreateEventW
Sleep
SetThreadExecutionState
SetLastError
FormatMessageW
GetStdHandle
SetConsoleMode
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetFileType
FoldStringW
CompareStringW
GetCPInfo
IsDBCSLeadByte
GetDiskFreeSpaceExW
ReleaseSemaphore
GetProcessAffinityMask
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
CreateSemaphoreW
SetUnhandledExceptionFilter
ReadFile
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetFileAttributesExW
GetLastError
CreateFileW
GetShortPathNameW
GetLongPathNameW
FindFirstFileW
GetModuleHandleW
GetProcAddress
VirtualAlloc
GetSystemTime
VirtualFree
ResumeThread
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetSystemInfo
FileTimeToDosDateTime
DosDateTimeToFileTime
InterlockedExchangeAdd
LoadLibraryExW
InitializeSListHead
UnhandledExceptionFilter

user32

MessageBeep
CharUpperW
CharLowerW
CharToOemA
OemToCharBuffA
OemToCharA

advapi32

IsTextUnicode

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_exception_copy
memcpy
__RTDynamicCast
_purecall
memchr
wcsrchr
memcmp
__std_exception_destroy
__std_type_info_destroy_list
strrchr
_except_handler4_common
strchr
_CxxThrowException
memmove
__CxxFrameHandler3
__std_terminate
wcschr
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_invalid_parameter_noinfo
_seh_filter_dll
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
terminate
exit
_errno
_beginthreadex

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
free
realloc

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-string-l1-1-0

strncmp
wcspbrk
strpbrk
strncat
strncpy_s
strncpy
isxdigit
isdigit
wcsncpy
strcmp
wcslen
tolower
towupper
_strnicmp
towlower

api-ms-win-crt-stdio-l1-1-0

fwrite
__stdio_common_vswprintf
__stdio_common_vswprintf_s
fseek
fclose
ftell
__stdio_common_vsprintf
ungetc
putc
__acrt_iob_func
fflush
_fileno
fread

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_except1

Exports

Exports

CreateArchiveInfoObjects
CreateCodecs
SetCodePage
SetResFileName
SetWorkDirectory

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5366be6ca0ee589c789386dc897c5dd5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 362KB - Virtual size: 362KB

.data Size: 58KB - Virtual size: 159KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 125KB - Virtual size: 125KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 362KB - Virtual size: 362KB

.data
Size: 58KB - Virtual size: 159KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 125KB - Virtual size: 125KB