542ea3050f06e3aa3a07039e706b11df37aa2c200d8076db3af85c2b693e7ac8

Sharing

Copy URL Twitter E-mail

General

Target

542ea3050f06e3aa3a07039e706b11df37aa2c200d8076db3af85c2b693e7ac8
Size

710KB
MD5

a23081778d8fa0fb6f517423902f54b1
SHA1

e4027b7dcdfb0709e8116f955eb6118d2cd9084d
SHA256

542ea3050f06e3aa3a07039e706b11df37aa2c200d8076db3af85c2b693e7ac8
SHA512

995a89c1eb160a6b5f1547caf6818af94f81f8e05257fe3977cb9e4c0c60ea1884294cfe969a2fd137f6e23b7d64f01373321f79622e33f1a84d1bbfafc05416
SSDEEP

12288:Q9MPn/yQJGxJ3QHihlfBOq/Lo5KgvBBNaqyCukMO2FwD:Rn9JGxdQHihlfX/LuKIvNa8ewD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
542ea3050f06e3aa3a07039e706b11df37aa2c200d8076db3af85c2b693e7ac8

Files

542ea3050f06e3aa3a07039e706b11df37aa2c200d8076db3af85c2b693e7ac8
.dll windows x86

666f1152a34051c100039ba63ee0ac07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionEx
GetEnvironmentVariableA
FindClose
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
GetTempPathA
DecodePointer
DeleteCriticalSection
SetEnvironmentVariableA
GetLongPathNameA
GetTempFileNameA
GetCurrentProcess
SetErrorMode
GetVolumeInformationA
OpenProcess
GetDiskFreeSpaceA
CompareStringA
LoadLibraryA
GetVersionExA
CloseHandle
GetLocalTime
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CreateFileA
CreateDirectoryA
GetLocaleInfoA
GlobalLock
LocalFree
WideCharToMultiByte
GlobalUnlock
GlobalHandle
ExpandEnvironmentStringsA
GetTimeFormatA
OpenFile
GetUserDefaultLCID
GetDateFormatA
GlobalFree
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetCurrentThreadId
GetModuleHandleA
AddVectoredExceptionHandler
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThread
GlobalAlloc
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RaiseException
HeapFree
lstrlenA
UnhandledExceptionFilter
GetFullPathNameA
FindNextFileA
GetDriveTypeA
FindFirstFileA
GetFileAttributesExA
CompareFileTime
ReadFile
DebugBreak
FormatMessageA
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetFinalPathNameByHandleA
GetLastError
HeapAlloc
GetProcessHeap

user32

OpenClipboard
PostQuitMessage
PeekMessageA
MessageBoxA
UnregisterClassA
CharLowerA
CharUpperA
OemToCharA
CharToOemA
CharUpperBuffA
GetAsyncKeyState
MessageBeep
LoadStringA
IsCharAlphaNumericA
IsClipboardFormatAvailable
GetClipboardData
GetKeyboardLayout
CloseClipboard
SendMessageA

advapi32

RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
GetFileSecurityA
AccessCheck
OpenProcessToken
DuplicateToken
MapGenericMask
GetUserNameA

shell32

SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetPathFromIDListA

ole32

CoCreateInstance

shlwapi

UrlCreateFromPathA

msvcp140

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?bad@ios_base@std@@QBE_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?fail@ios_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??Bid@locale@std@@QAEIXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z

vcruntime140

memmove
__current_exception_context
__current_exception
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_terminate
memchr
strrchr
_setjmp3
longjmp
strchr
memcpy
strstr
memset
_purecall
__CxxFrameHandler3
_seh_longjmp_unwind4

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initterm
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_set_invalid_parameter_handler
_errno
strerror
abort
_cexit
system
exit
terminate
_invalid_parameter_noinfo
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fopen
fclose
fgetpos
_wfopen_s
fgetc
__stdio_common_vsnprintf_s
fputc
fopen_s
fsetpos
fgets
clearerr
_ftelli64
__stdio_common_vsprintf_s
_pclose
__stdio_common_vfprintf
getc
freopen
fread
fflush
tmpnam
ferror
feof
__acrt_iob_func
__stdio_common_vsprintf
fwrite
ungetc
_write
_popen
_fseeki64
tmpfile
_getcwd
setvbuf

api-ms-win-crt-environment-l1-1-0

_putenv
getenv

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
strftime
_difftime64
clock
_ctime64
_gmtime64
_mktime64

api-ms-win-crt-heap-l1-1-0

free
_recalloc
malloc
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
toupper
_strnicmp
_strrev
strncpy
strspn
_memicmp
isxdigit
isspace
strpbrk
strcoll
isprint
isalpha
isdigit
strncmp
tolower
iscntrl
isgraph
ispunct
islower
isupper
isalnum

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-math-l1-1-0

_CIfmod
_libm_sse2_acos_precise
_finite
_libm_sse2_log_precise
_libm_sse2_pow_precise
floor
ceil
_libm_sse2_asin_precise
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_CIatan2
ldexp
_libm_sse2_cos_precise
_except1
_isnan
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
frexp

api-ms-win-crt-convert-l1-1-0

_itoa
strtoul
_ecvt_s
atol
atof
strtol
atoi
wcstombs
mbstowcs
strtod

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_chmod
_chdir
_chdrive
rename
remove
_stat64i32
_lock_file

api-ms-win-crt-utility-l1-1-0

qsort
srand

Exports

Exports

execute
kill
version

Sections

.text
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

666f1152a34051c100039ba63ee0ac07

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 582KB - Virtual size: 582KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 582KB - Virtual size: 582KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 25KB - Virtual size: 25KB