f7f108603b48daa14dd8fc9eca912f9f71dc94efc3bd14cc4ecf909fbb81448e

Sharing

Copy URL Twitter E-mail

General

Target

f7f108603b48daa14dd8fc9eca912f9f71dc94efc3bd14cc4ecf909fbb81448e
Size

908KB
MD5

98a4a10534cbf0bd8afd72266cc4b349
SHA1

436c91921a3752859cd2004caf587be7fe2fd923
SHA256

f7f108603b48daa14dd8fc9eca912f9f71dc94efc3bd14cc4ecf909fbb81448e
SHA512

2dca10356fb879b7f85fa2005d057b49f0320ecf1f390c6c1b03b72d6f6e242f4c44660eb1c2d278c96000612eb3bb9c1d6dc64b8aed1f63889411c3c4461095
SSDEEP

24576:TTcSLiNmJ7FWqxxixsBbT5WRJlqvJRqzT:HcaigBsUbT5SqKT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7f108603b48daa14dd8fc9eca912f9f71dc94efc3bd14cc4ecf909fbb81448e

Files

f7f108603b48daa14dd8fc9eca912f9f71dc94efc3bd14cc4ecf909fbb81448e
.dll windows x64

0df2021e7e9a4fb655dbaab088347839

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
gethostname
getpeername
recv
connect
select
__WSAFDIsSet
htonl
WSAIoctl
setsockopt
freeaddrinfo
getaddrinfo
listen
getsockname
accept
sendto
recvfrom
bind
socket
htons
inet_pton
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

HeapAlloc
GetConsoleOutputCP
WriteFile
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
WriteConsoleW
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetCurrentProcess
GetTimeZoneInformation
GetModuleHandleExW
VirtualAlloc
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
GetSystemInfo
QueueUserAPC
ExitProcess
GlobalMemoryStatusEx
WideCharToMultiByte
SleepEx
OpenThread
CheckRemoteDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
Sleep
MoveFileExW
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetDriveTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
EnumResourceTypesW
GetFileAttributesExW
FreeLibraryAndExitThread
HeapSize
GetProcessHeap
SetEnvironmentVariableW
ExitThread
FreeEnvironmentStringsW
GetStringTypeW
RaiseException
InitializeSRWLock
TryAcquireSRWLockExclusive
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
DeleteFileW
CreateThread
GetEnvironmentStringsW

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

ShellExecuteW
SHGetFolderPathW

ntdll

NtProtectVirtualMemory
RtlPcToFileHeader

bcrypt

BCryptGenRandom

Exports

Exports

Hfiubnnb

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0df2021e7e9a4fb655dbaab088347839

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

advapi32

shell32

ntdll

bcrypt

Exports

Exports

Sections

.text Size: 673KB - Virtual size: 673KB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 32KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 673KB - Virtual size: 673KB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 32KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 5KB - Virtual size: 4KB