0e3ae0585cbd899a48371884322a44cdb83e35b0d682592800cc0c2140605785

Sharing

Copy URL Twitter E-mail

General

Target

0e3ae0585cbd899a48371884322a44cdb83e35b0d682592800cc0c2140605785
Size

681KB
MD5

9fc1e348160bade7e0bed290359b50b7
SHA1

f49d66dd158bfb9fec40ebefc8617d1c54d6e955
SHA256

0e3ae0585cbd899a48371884322a44cdb83e35b0d682592800cc0c2140605785
SHA512

dcd222031a835f0b00aab780db6dd8f6548d5d5279f91d4f96902a0086e25fb52336066a263bfd3ac98f6d0b61ef1bb476c46089126b44882b45c4042d3a704f
SSDEEP

12288:coeO0XlFC7dfGPauIXMvJqzaUbJY/X4Vf9xYjHRAw3LLykh5eeeetttsszTTTaaY:reJXy7dfoUEthHTTnZk9F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e3ae0585cbd899a48371884322a44cdb83e35b0d682592800cc0c2140605785

Files

0e3ae0585cbd899a48371884322a44cdb83e35b0d682592800cc0c2140605785
.dll windows x86

49f654479b9036342a2160b84fcc05ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv
send
WSAStartup
getaddrinfo
freeaddrinfo
getnameinfo
ntohs
inet_ntoa
inet_addr
htons
htonl
ioctlsocket
closesocket
bind
WSACleanup
recvfrom
select
sendto
socket
WSAGetLastError
gethostbyname
gethostname
accept
connect
getsockname
getsockopt
listen
__WSAFDIsSet

kernel32

QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetCurrentProcess
SetConsoleCtrlHandler
GetTimeZoneInformation
MoveFileW
InitializeCriticalSectionEx
Sleep
GetVersionExA
GetProcAddress
LoadLibraryA
DisableThreadLibraryCalls
GetCurrentDirectoryW
CreateDirectoryW
CreateFileA
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
CreatePipe
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcessId
CreateThread
CreateRemoteThread
GetCurrentThreadId
SetThreadPriority
GetExitCodeThread
ResumeThread
CreateProcessA
OpenProcess
GetTickCount
VirtualProtect
VirtualQuery
VirtualAllocEx
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
GetLogicalDriveStringsA
CopyFileW

user32

GetWindowTextA
FindWindowA
GetSystemMetrics
GetClassNameA
GetWindowThreadProcessId
EnumWindows

advapi32

RegSetValueExA
RegQueryValueExW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantChangeType
SafeArrayPutElement
CreateErrorInfo
SafeArrayGetElement
GetErrorInfo
SetErrorInfo
SafeArrayCreate

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

memcpy
memmove
memset
__current_exception
__current_exception_context
_except_handler4_common
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__std_type_info_destroy_list
_purecall

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
terminate
_exit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_open_osfhandle
fopen
fflush
__acrt_iob_func
__stdio_common_vfprintf
fwrite
__stdio_common_vswprintf
__stdio_common_vsprintf
ftell
_wfopen
fseek
fgets
fclose
fread
feof

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstombs

api-ms-win-crt-string-l1-1-0

tolower
_wcslwr
isspace
_strlwr

api-ms-win-crt-heap-l1-1-0

free
realloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
_difftime64
_localtime64
_mktime64

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_wchmod
_wstat64i32

Exports

Exports

GetIFactory

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49f654479b9036342a2160b84fcc05ec

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 568KB - Virtual size: 568KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 3KB - Virtual size: 281KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 568KB - Virtual size: 568KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 3KB - Virtual size: 281KB

.reloc
Size: 22KB - Virtual size: 22KB