7ba9b1162efb8f797d33ce680696577c7617ff2226fee9f16da617c8d351a86e

Sharing

Copy URL Twitter E-mail

General

Target

7ba9b1162efb8f797d33ce680696577c7617ff2226fee9f16da617c8d351a86e
Size

2.4MB
MD5

f1faf78cbe87875dbccdc75b2140dea9
SHA1

fdce188c8437145f30ddaca851ccd6d6365cc9dd
SHA256

7ba9b1162efb8f797d33ce680696577c7617ff2226fee9f16da617c8d351a86e
SHA512

51e15ee18fff56a147db54bf12b3f02970cacff2467fba3e916bd9be37bd9b84f6affe9e6ba1b3cbb952157e87060169a715226bda6e714d6c9f8320d96c1800
SSDEEP

49152:L3EpT+UGNr1h9L7H76ylfptPaDVyd2La3l/n:L3E5+UGXh9nH7vRpcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ba9b1162efb8f797d33ce680696577c7617ff2226fee9f16da617c8d351a86e

Files

7ba9b1162efb8f797d33ce680696577c7617ff2226fee9f16da617c8d351a86e
.dll windows x86

75b7397b566de56a7062303ae6c70db7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSASetLastError
WSAGetLastError
WSACleanup
closesocket
WSAStartup
inet_addr
send
socket
connect
recv
htons

kernel32

FindFirstFileW
FindNextFileW
GetModuleFileNameW
FindClose
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetFileAttributesW
GetCurrentThread
GetModuleHandleExW
CreateFileW
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
SetDllDirectoryW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFiber
HeapSize
ConvertFiberToThread
CloseHandle
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetCurrentProcess
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
LoadLibraryExA
LoadLibraryExW
GetFileAttributesA
Sleep
GetDynamicTimeZoneInformation
WriteConsoleW
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetFileSizeEx
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
HeapReAlloc
SetEnvironmentVariableW
GetTimeZoneInformation
MoveFileExW
FlushFileBuffers
GetFullPathNameW
CreateDirectoryW
FindFirstFileExW
IsValidCodePage
SetFilePointerEx
GetProcessHeap
SetStdHandle
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
RaiseException
GetSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FormatMessageA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetExitCodeThread
GetLocaleInfoEx
LocalFree
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedFlushSList
ReadFile
ExitProcess
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey

shlwapi

PathRemoveExtensionW

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

Exports

Exports

CreateCdmInstance
DeinitializeCdmModule
GetCdmVersion
InitializeCdmModule_4
VerifyCdmHost_0
add
add2
on_fini
on_init
test

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75b7397b566de56a7062303ae6c70db7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shlwapi

bcrypt

crypt32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 527KB - Virtual size: 526KB

.data Size: 29KB - Virtual size: 44KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 84KB - Virtual size: 83KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 527KB - Virtual size: 526KB

.data
Size: 29KB - Virtual size: 44KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 84KB - Virtual size: 83KB