4c37ce7e572ded7bff61b259024038fe9ab2b4825c43c782a9b41d97af17cdf3

Sharing

Copy URL Twitter E-mail

General

Target

4c37ce7e572ded7bff61b259024038fe9ab2b4825c43c782a9b41d97af17cdf3
Size

3.0MB
MD5

be41665819346d8fcf63fc55a57f824a
SHA1

f5e3d0d8948c2e1c66b648a0505ff76d94f8f329
SHA256

4c37ce7e572ded7bff61b259024038fe9ab2b4825c43c782a9b41d97af17cdf3
SHA512

bac279c32b2163943db51338750e4e372e6adc7d4b3ac4adfed831f2a498d26d0a9f247fa8ec99d9bcbb9095b76629227f8d4df51e57a2b4e13f96b57f622de3
SSDEEP

49152:FfHvggggMLJqO1JRq/E35P9Uj0dULbeZW1ri3IeRaKP/hmw3S04R9fKv/8P:F8jqy59G063eZWs3JwghFx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c37ce7e572ded7bff61b259024038fe9ab2b4825c43c782a9b41d97af17cdf3

Files

4c37ce7e572ded7bff61b259024038fe9ab2b4825c43c782a9b41d97af17cdf3
.dll windows x86

f0b74b9dc474a5ef1a961b632c0626cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
CreateEventW
OpenEventW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetTempPathW
RemoveDirectoryW
GetFileAttributesW
GlobalAlloc
GlobalFree
TerminateProcess
GetFileInformationByHandle
GetHandleInformation
CreateProcessW
GetEnvironmentVariableW
CreateDirectoryA
GetSystemInfo
FormatMessageW
DeviceIoControl
GetSystemDirectoryA
ResetEvent
VirtualProtect
SetLastError
lstrlenW
LoadLibraryA
IsBadReadPtr
GetThreadLocale
CreateFileMappingW
OpenMutexW
CreateMutexW
CreateMutexA
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileW
VirtualQuery
FindResourceExW
GetVersionExW
CreateFileW
CreateFileA
SetFilePointer
ReadFile
WriteFile
GetFileSize
SetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryA
SetFileTime
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameA
FreeLibrary
LoadLibraryW
GetNativeSystemInfo
MoveFileExW
CopyFileW
GetSystemDirectoryW
GetSystemTime
FindClose
WaitForMultipleObjects
FindFirstFileW
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObject
GetCurrentThreadId
GetCommandLineW
Sleep
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetLastError
QueryDosDeviceW
GetLogicalDriveStringsW
SystemTimeToFileTime
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
RtlCaptureStackBackTrace
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VirtualAlloc
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
LocalFree
LocalAlloc
VirtualFree
CloseHandle
GetModuleHandleW
GetProcAddress
OpenProcess
GetCurrentProcessId
FindFirstFileExA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetConsoleCtrlHandler
WriteConsoleW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ReadConsoleW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindNextFileW
OpenFileMappingW
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SleepEx
CompareFileTime
GetEnvironmentVariableA
GetFileType
GetStdHandle
PeekNamedPipe
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
RtlUnwind
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ExitThread
ResumeThread
GetModuleHandleExW
GetFileAttributesExW

user32

PostMessageW
PostQuitMessage
UnregisterClassW
LoadStringW
SetWindowPos
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
FindWindowW
GetDesktopWindow
UpdateWindow
AllowSetForegroundWindow
GetSystemMetrics
GetWindowThreadProcessId

advapi32

CryptDestroyHash
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
CheckTokenMembership
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid
AllocateAndInitializeSid
SetTokenInformation
GetTokenInformation
BuildExplicitAccessWithNameW
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclW
GetUserNameA
LookupPrivilegeValueW
LookupAccountNameA
AdjustTokenPrivileges
OpenProcessToken
RegSetKeySecurity
RegOpenKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
RegQueryValueExW
RegSetValueExW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysFreeString
SysStringByteLen
SysAllocString
VariantInit
VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathFindFileNameA
PathCombineW
PathFileExistsA
SHSetValueW
SHGetValueW
SHDeleteKeyW
PathRemoveFileSpecW
PathRemoveExtensionW
ord176
PathAppendW

crypt32

CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

psapi

GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW
EnumProcesses

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

urlmon

ObtainUserAgentString

iphlpapi

GetAdaptersInfo

ws2_32

sendto
recvfrom
socket
WSAEventSelect
gethostname
WSACreateEvent
shutdown
freeaddrinfo
getaddrinfo
WSAEnumNetworkEvents
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
select
__WSAFDIsSet
setsockopt
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
ntohs
gethostbyname
getnameinfo
ioctlsocket
WSACloseEvent

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord27
ord26
ord117
ord41
ord145
ord219
ord46
ord14
ord216
ord208
ord127

Exports

Exports

Run
VXRpbGlaeU

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 570KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0b74b9dc474a5ef1a961b632c0626cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

psapi

dbghelp

version

userenv

wtsapi32

urlmon

iphlpapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 570KB - Virtual size: 570KB

.data Size: 50KB - Virtual size: 77KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 112KB - Virtual size: 111KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 570KB - Virtual size: 570KB

.data
Size: 50KB - Virtual size: 77KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 112KB - Virtual size: 111KB