8ea84e33acc5f29080d798cf6a27cf75058086b1c7ebb135ba2ed34da9e369b6

Sharing

Copy URL Twitter E-mail

General

Target

8ea84e33acc5f29080d798cf6a27cf75058086b1c7ebb135ba2ed34da9e369b6
Size

1.8MB
MD5

f3a5227fa798dcabab03304481017224
SHA1

0e017982586e4667bf3765f5ab2d424db67e0b69
SHA256

8ea84e33acc5f29080d798cf6a27cf75058086b1c7ebb135ba2ed34da9e369b6
SHA512

dcf2094358b16b4a55a9ee523805d0a2ef57cbfc848928bd236bb2216e1ad19a6e31190d9a155873bdd9e98a3b4553923c970d8230e3fc74c88c2a9038f74c64
SSDEEP

6144:xyXEP7DKvl+2FS746+lnNNz470MJ/rMyhJeS27Knd7:8XEP7ULnNNz470MNMyhJeS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ea84e33acc5f29080d798cf6a27cf75058086b1c7ebb135ba2ed34da9e369b6

Files

8ea84e33acc5f29080d798cf6a27cf75058086b1c7ebb135ba2ed34da9e369b6
.dll windows x86

70095797fc38912a047c8d885ea1975d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
SetLastError
VirtualFree
VirtualAlloc
VirtualProtect
CreateFileW
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
ReleaseMutex
CreateMutexA
WaitForSingleObject
Sleep
CloseHandle
GetCurrentProcess
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetCurrentProcessId
GetTickCount
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
GetSystemTimeAsFileTime
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetEndOfFile

user32

wsprintfA
GetClientRect
FillRect
PostMessageA

gdi32

StretchDIBits

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

psapi

EnumProcessModules
GetModuleBaseNameA

Exports

Exports

GetInstallDetailsPayload
SignalChromeElf

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70095797fc38912a047c8d885ea1975d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

wininet

psapi

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 56KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 56KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 15KB - Virtual size: 15KB