b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d

Sharing

Copy URL

Twitter E-mail

General

Target

b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d
Size

908KB
MD5

d663ebb9947ea39d2004a7fa6e8d79ca
SHA1

1fbdbe294fdb4aaa56ec93716abb2060195723c4
SHA256

b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d
SHA512

4b25c84958b67e5fe235881b534f5ea6d7017d1b53572ff734f5eeac4fb09bbac77c16960165f9225d95ee64e1e222ec53d665fa7295751d75a7b8c0522b1c16
SSDEEP

24576:GHcgLiNmJ7FWqxxixsJrJ5WRJlqvHbNAx:Cc0igBsIrJ5SqWx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d

Files

b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d
.dll windows x64

0df2021e7e9a4fb655dbaab088347839

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
gethostname
getpeername
recv
connect
select
__WSAFDIsSet
htonl
WSAIoctl
setsockopt
freeaddrinfo
getaddrinfo
listen
getsockname
accept
sendto
recvfrom
bind
socket
htons
inet_pton
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

HeapAlloc
GetConsoleOutputCP
WriteFile
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
WriteConsoleW
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetCurrentProcess
GetTimeZoneInformation
GetModuleHandleExW
VirtualAlloc
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
GetSystemInfo
QueueUserAPC
ExitProcess
GlobalMemoryStatusEx
WideCharToMultiByte
SleepEx
OpenThread
CheckRemoteDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
Sleep
MoveFileExW
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetDriveTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
EnumResourceTypesW
GetFileAttributesExW
FreeLibraryAndExitThread
HeapSize
GetProcessHeap
SetEnvironmentVariableW
ExitThread
FreeEnvironmentStringsW
GetStringTypeW
RaiseException
InitializeSRWLock
TryAcquireSRWLockExclusive
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
DeleteFileW
CreateThread
GetEnvironmentStringsW

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

ShellExecuteW
SHGetFolderPathW

ntdll

NtProtectVirtualMemory
RtlPcToFileHeader

bcrypt

BCryptGenRandom

Exports

Exports

Hfiubnnb

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0df2021e7e9a4fb655dbaab088347839

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

advapi32

shell32

ntdll

bcrypt

Exports

Exports

Sections

.text Size: 673KB - Virtual size: 673KB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 32KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 673KB - Virtual size: 673KB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 32KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 5KB - Virtual size: 4KB