d8a300fc34baa24e0fc5f4c7cab5ababd0763e3af1bd75490c3738092dc4043d

Sharing

Copy URL Twitter E-mail

General

Target

d8a300fc34baa24e0fc5f4c7cab5ababd0763e3af1bd75490c3738092dc4043d
Size

139KB
MD5

e369f345776a047567aa11333fd1ce10
SHA1

11a564c078f702f713269216a45fe040a49bc6ad
SHA256

d8a300fc34baa24e0fc5f4c7cab5ababd0763e3af1bd75490c3738092dc4043d
SHA512

f36ad1acd1385335b2908d19b1e873c9353fecb992dfa5cada635a9f8b4e91b3089c615a544b970c4c8ed5c353dee5af3ec4167afd6168b91430ab3dc5677186
SSDEEP

3072:xAWfI5axtSbS649WwsYh514mm6/54K+YChw6Ube3SPhZAeusSZ:Q5axoGlh5D/cYhySPh2bh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8a300fc34baa24e0fc5f4c7cab5ababd0763e3af1bd75490c3738092dc4043d

Files

d8a300fc34baa24e0fc5f4c7cab5ababd0763e3af1bd75490c3738092dc4043d
.dll windows x86

d17a34d7e92aa677cbf6005c30d4c7e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
Sleep
WriteFile
GetModuleFileNameW
SetFilePointer
CreateFileW
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetModuleHandleW
IsBadReadPtr
QueryPerformanceCounter
VirtualQuery
SetUnhandledExceptionFilter
GetCurrentProcessId
VirtualProtect
GlobalAlloc
CreateThread
GetProcAddress
OutputDebugStringW
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
SetFilePointerEx
DeleteCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
LoadLibraryExW
WriteConsoleW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
GetProcessHeap
EnterCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

DestroyWindow
DefWindowProcW
IsWindowUnicode
PeekMessageA
wsprintfW
TranslateMessage
PeekMessageW
DispatchMessageW
SendMessageW
KillTimer
SetWindowLongW
RegisterClassW
GetClassInfoW
DispatchMessageA
GetWindowLongW
SetWindowPos
SetWindowTextW
RegisterClassExW
ShowWindow
SetTimer
UpdateWindow
InvalidateRect
EnableWindow
CreateWindowExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
WSACancelAsyncRequest
ioctlsocket
htons
recv
connect
socket
WSAAsyncGetHostByName
WSAAsyncSelect
closesocket
send

dsound

ord1

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d17a34d7e92aa677cbf6005c30d4c7e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

ws2_32

dsound

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 1.0MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 1.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB