a9f4589234908b867998740d52787764d83a3e5a5eed0576d27a8bce6792c17a

Sharing

Copy URL Twitter E-mail

General

Target

a9f4589234908b867998740d52787764d83a3e5a5eed0576d27a8bce6792c17a
Size

574KB
MD5

600a824dc53b7ee1446059b74748d79b
SHA1

ae1d5a1f9f8b0982a033d2efeb795a9dffcf539f
SHA256

a9f4589234908b867998740d52787764d83a3e5a5eed0576d27a8bce6792c17a
SHA512

220fe0ff8ec4b8a08480ff4a35e0f756549a79af8ad38961b60008b031402dc8415babdf7457515be695bf94839a2905bf35b4a56f749c3131099538f515054d
SSDEEP

12288:B9hdo1mpPQFN6Cd20yJc0y8fsF2G2JQrWpwjVe8aO+LuLalzJgLYOwZC7WMFC5mf:o3FIbtK5aXD5BzEzVA43HvMRy21ZwP0w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9f4589234908b867998740d52787764d83a3e5a5eed0576d27a8bce6792c17a

Files

a9f4589234908b867998740d52787764d83a3e5a5eed0576d27a8bce6792c17a
.dll windows x86

cea6d6a3b52942dc2bb55291148e4268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
GetTimeFormatA
GetFinalPathNameByHandleA
CreateFileA
GetUserDefaultLCID
GetDateFormatA
GlobalFree
CloseHandle
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleFileNameA
GetCurrentProcess
WriteFile
SetFilePointer
GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
AddVectoredExceptionHandler
GetProcAddress
GetCurrentProcessId
FreeLibrary
SetUnhandledExceptionFilter
GetCurrentThread
GlobalAlloc
DebugBreak
GetDriveTypeA
GetVolumeInformationA
OpenProcess
GetDiskFreeSpaceA
CompareStringA
GetVersionExA
GetLocalTime
VerSetConditionMask
VerifyVersionInfoW
ReadFile
CompareFileTime
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetFullPathNameA
OpenFile
InitializeCriticalSectionEx
FindClose
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
DecodePointer
DeleteCriticalSection
GetLongPathNameA
GetTempFileNameA
CreateDirectoryA
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
GlobalHandle
RaiseException
OutputDebugStringW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WritePrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileSectionA
GlobalUnlock
FormatMessageA
WideCharToMultiByte
LocalFree
GlobalLock
GetLastError
MultiByteToWideChar
GetFileAttributesExA
GetLocaleInfoA

user32

MessageBeep
UnregisterClassA
LoadStringA
GetAsyncKeyState
CharToOemA
OemToCharA
CharUpperA
CharLowerA
PeekMessageA
PostQuitMessage
SendMessageA
MessageBoxA
OpenClipboard
CloseClipboard
CharUpperBuffA
GetKeyboardLayout
GetClipboardData
IsClipboardFormatAvailable
IsCharAlphaNumericA

advapi32

OpenProcessToken
DuplicateToken
MapGenericMask
GetUserNameA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
AccessCheck
GetFileSecurityA

shell32

SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

ole32

CoCreateInstance

shlwapi

UrlCreateFromPathA

msvcp140

?bad@ios_base@std@@QBE_NXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?fail@ios_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z

vcruntime140

memmove
__CxxFrameHandler3
memset
memcpy
strchr
strrchr
strstr
longjmp
_seh_longjmp_unwind4
__current_exception_context
__current_exception
_CxxThrowException
_except_handler4_common
__std_exception_copy
_purecall
__CxxLongjmpUnwind
__std_exception_destroy
__std_terminate
_setjmp3
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fopen
fgets
feof
getc
_fseeki64
__acrt_iob_func
_ftelli64
ungetc
_getcwd
setvbuf
fopen_s
fputs
putc
fread
fgetpos
fgetc
_write
fwrite
__stdio_common_vsnprintf_s
fflush
_get_stream_buffer_pointers
_wfopen_s
fputc
fsetpos
ferror

api-ms-win-crt-string-l1-1-0

strncmp
strncpy
islower
isalnum
isalpha
tolower
isxdigit
isdigit
isupper
toupper
_strrev
_strnicmp
_strdup
_strupr
_strlwr
strncat
strpbrk
_memicmp
_stricmp

api-ms-win-crt-filesystem-l1-1-0

rename
_chdir
_access
remove
_getdrive
_chdrive
_lock_file
_chmod
_stat64i32
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_set_invalid_parameter_handler
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
exit
terminate
_initterm_e
_initterm
_cexit
_errno
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
strerror
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-utility-l1-1-0

bsearch
srand
qsort

api-ms-win-crt-convert-l1-1-0

atof
atol
strtol
_itoa
strtoul
_ecvt_s
mbstowcs
wcstombs
atoi
strtod

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-heap-l1-1-0

_recalloc
free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

_CIfmod
_finite
_isnan
ceil
floor
_except1

api-ms-win-crt-time-l1-1-0

_time64
_ctime64

Exports

Exports

execute
kill
version

Sections

.text
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cea6d6a3b52942dc2bb55291148e4268

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 457KB - Virtual size: 456KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 3KB - Virtual size: 73KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 457KB - Virtual size: 456KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 3KB - Virtual size: 73KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB