0dc80b87ee5ef7ffb1f1a40b7b7336a4f4bd88adab8ad7e6f55850d540878c8d

Sharing

Copy URL Twitter E-mail

General

Target

0dc80b87ee5ef7ffb1f1a40b7b7336a4f4bd88adab8ad7e6f55850d540878c8d
Size

413KB
MD5

f4196c599c8a5a7965a51afe31d05870
SHA1

50f5d6c16dc3d39abc79b4291de6e50f541445f3
SHA256

0dc80b87ee5ef7ffb1f1a40b7b7336a4f4bd88adab8ad7e6f55850d540878c8d
SHA512

e4abf0bfc4af464e5d6856f131641e367f5de1a44745b19e80c75ce8cbce8ead63034784ad5840d41190dff28ac459b0a9380a6250637c9db4dd853959885947
SSDEEP

12288:CjfvzE92HVgh1rc7l9oXT/nEi7twOrU/nKuuImx4iOJZpTc:SHzRgh1VEieWU/5pa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc80b87ee5ef7ffb1f1a40b7b7336a4f4bd88adab8ad7e6f55850d540878c8d

Files

0dc80b87ee5ef7ffb1f1a40b7b7336a4f4bd88adab8ad7e6f55850d540878c8d
.dll windows x86

32daf8a4a642af4dadba17358cf4f32f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

kernel32

HeapAlloc
HeapFree
GetProcessHeap
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
TerminateProcess
GetStartupInfoA
SetUnhandledExceptionFilter
SetErrorMode
ReleaseMutex
CreateMutexA
OpenEventA
FreeConsole
LocalSize
CreateToolhelp32Snapshot
Process32First
Process32Next
K32EnumProcessModules
K32GetModuleFileNameExA
GetCurrentThreadId
lstrcmpiA
OutputDebugStringW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapSize
GetStringTypeW
SetConsoleCtrlHandler
GetFileType
GetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
WriteProcessMemory
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetCurrentThread
DecodePointer
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
VirtualAllocEx
GetSystemDirectoryA
GetTickCount
OpenProcess
CreateRemoteThread
GetCurrentProcess
GetModuleFileNameA
SetLastError
MoveFileA
GetLogicalDriveStringsA
LocalFree
LocalReAlloc
LocalAlloc
CreateProcessA
GetLastError
WriteConsoleW
GetVolumeInformationA
WriteFile
SetFilePointer
RemoveDirectoryA
ReadFile
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
lstrlenA
lstrcatA
lstrcmpA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
lstrcpyA
Sleep
ResetEvent
CancelIo
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
TerminateThread
CreateThread
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateEventA
WaitForSingleObject
SetEvent
MoveFileExA
CloseHandle
CreateFileW
GetEnvironmentStringsW

user32

SendMessageA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
keybd_event
mouse_event
MapVirtualKeyA
SetCapture
GetSystemMetrics
SetCursorPos
UnhookWindowsHookEx
LoadCursorA
DestroyCursor
SystemParametersInfoA
BlockInput
SetWindowsHookExA
GetWindowTextA
GetKeyNameTextA
GetActiveWindow
CharNextA
wsprintfA
DispatchMessageA
GetDC
TranslateMessage
ReleaseDC
GetCursorPos
SetRect
GetDesktopWindow
GetCursorInfo
OpenWindowStationA
SetProcessWindowStation
GetProcessWindowStation
ExitWindowsEx
GetMessageA
CallNextHookEx
WindowFromPoint
IsWindowVisible
CloseWindow
IsWindow
CreateWindowExA
PostMessageA
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
OpenDesktopA
GetWindowThreadProcessId
EnumWindows

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
GetDIBits
DeleteObject
BitBlt

advapi32

RegCloseKey
IsValidSid
LookupAccountNameA
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaRetrievePrivateData
LookupAccountSidA
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerA
RegSetKeySecurity
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
LookupPrivilegeValueA
OpenEventLogA
CloseEventLog
ClearEventLogA
AdjustTokenPrivileges
OpenProcessToken
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegQueryValueA
RegOpenKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveOutWrite
waveInStop
waveInReset
waveOutPrepareHeader
waveOutReset
waveInGetNumDevs
waveInOpen
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInStart

ws2_32

gethostname
getsockname
WSAIoctl
WSACleanup
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
ntohs
htons
connect
closesocket

imm32

ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICClose
ICSeqCompressFrame
ICSendMessage
ICSeqCompressFrameStart
ICCompressorFree
ICOpen
ICSeqCompressFrameEnd

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ServiceMain

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32daf8a4a642af4dadba17358cf4f32f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

imm32

wininet

avicap32

msvfw32

wtsapi32

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 333KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 333KB - Virtual size: 333KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB