32fd3c0d77c94393e439c9708ca4872e5b944b78e95d36a14d00f48912721fd6

Sharing

Copy URL

Twitter E-mail

General

Target

32fd3c0d77c94393e439c9708ca4872e5b944b78e95d36a14d00f48912721fd6
Size

4.5MB
MD5

48843708f41c3f42206b9b2ce6e19463
SHA1

0a85858fad4948fbd471da1e5dd4749b73173adc
SHA256

32fd3c0d77c94393e439c9708ca4872e5b944b78e95d36a14d00f48912721fd6
SHA512

c3db3dab621c765f3476889b12dcb660792e4e56da11a7f229e3cd204cf97b1d26af5847a08e69fdb4c1962c792dc8ab95576204943ea214be1e6e5fd93ffc34
SSDEEP

49152:lIcqGtlqhDVwASO7OIU6iSkU2orHphHktXTQP9VUmMSmIxDKs7U6uKL5XXkQPRjp:lK5+EhHRMmui0mJepdKnEuRx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32fd3c0d77c94393e439c9708ca4872e5b944b78e95d36a14d00f48912721fd6

Files

32fd3c0d77c94393e439c9708ca4872e5b944b78e95d36a14d00f48912721fd6
.dll windows x64

a779dbc33fccf515fac3ee92e1169bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
FindFirstFileW
DeleteFileW
MoveFileExW
ReadFile
GetConsoleMode
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
GetFileAttributesW
WriteConsoleW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetTempPathW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
VirtualUnlock
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetEnvironmentStringsW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
DeleteFileA
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
VirtualLock
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetTickCount
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetStringTypeW
GetConsoleOutputCP
SetStdHandle
GetFileSizeEx
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
GetProcAddress
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
AcquireSRWLockExclusive
GetSystemInfo
Sleep
GetLastError
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ReadConsoleA
SetConsoleMode
GetSystemDirectoryA
VirtualFree
InitializeSRWLock
LoadLibraryExA
VirtualQuery
VirtualProtect
GetEnvironmentVariableW
ReleaseSRWLockShared
FindClose
ReleaseMutex
FreeEnvironmentStringsW
ReleaseSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetModuleHandleA

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam

ws2_32

WSACleanup
WSAStartup
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
gethostbyname
getservbyport
select
connect
ioctlsocket
getservbyname
WSASetLastError
socket
ntohs
send
recv
getsockopt
setsockopt
WSAGetLastError
shutdown
closesocket

crypt32

CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

Exports

Exports

node_register_module_v116

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a779dbc33fccf515fac3ee92e1169bdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

crypt32

bcrypt

user32

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 30KB - Virtual size: 44KB

.pdata Size: 149KB - Virtual size: 149KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 30KB - Virtual size: 44KB

.pdata
Size: 149KB - Virtual size: 149KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 41KB - Virtual size: 40KB