e4111ecb0650e0c8dd39acd8fe551f7a420098bec9f92caa3fcad9e1bf93ff89

Sharing

Copy URL Twitter E-mail

General

Target

e4111ecb0650e0c8dd39acd8fe551f7a420098bec9f92caa3fcad9e1bf93ff89
Size

606KB
MD5

50b39197efc0901d5ff70965be31d199
SHA1

086b1d26e4e7c4b4ec501b9fe0ce6975509b1bee
SHA256

e4111ecb0650e0c8dd39acd8fe551f7a420098bec9f92caa3fcad9e1bf93ff89
SHA512

ba36913fdaadd7dbb7a924cf19033e03a688864c91137e0bfa3897aa149d90b003c3391a0c423648206e9854ebd1b8d8c535baa7123ed490ee3e59b902444dc4
SSDEEP

6144:kDWgQX0UrXyR854H3kxk6WQsWpkvfdGTyFUDaDw3YKUySrE0VkRICWLfHdfmeEIp:yWpXByR/3kxk6aekXdOTD6c/SdfDai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4111ecb0650e0c8dd39acd8fe551f7a420098bec9f92caa3fcad9e1bf93ff89

Files

e4111ecb0650e0c8dd39acd8fe551f7a420098bec9f92caa3fcad9e1bf93ff89
.dll windows x86

56e35e9c50ae04074a8a0b5747fdb1fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

DbgPrint
NlsMbCodePageTag
NtClearEvent
NtClose
NtCreateEvent
NtCreateMutant
NtCreateSection
NtDuplicateObject
NtMapViewOfSection
NtOpenKey
NtOpenProcess
NtQueryDefaultLocale
NtQueryInformationProcess
NtQueryValueKey
NtReadVirtualMemory
NtReleaseMutant
NtResumeThread
NtSetEvent
NtTerminateProcess
NtUnmapViewOfSection
NtWaitForSingleObject
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlAllocateHeap
RtlAnsiCharToUnicodeChar
RtlAnsiStringToUnicodeString
RtlAppendUnicodeToString
RtlAreBitsClear
RtlAreBitsSet
RtlAssert
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlCreateUserThread
RtlDeleteCriticalSection
RtlDosSearchPath_U
RtlDuplicateUnicodeString
RtlEnterCriticalSection
RtlEqualUnicodeString
RtlExitUserThread
RtlFindMessage
RtlFreeHeap
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlInitAnsiString
RtlInitUnicodeString
RtlInitializeBitMap
RtlInitializeCriticalSection
RtlInitializeResource
RtlLeaveCriticalSection
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlNtStatusToDosError
RtlOpenCurrentUser
RtlPrefixUnicodeString
RtlReleaseResource
RtlSetBits
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlxUnicodeStringToAnsiSize

kernel32

Beep
CloseHandle
CreateRemoteThread
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetExitCodeThread
GetLastError
GetModuleHandleW
GetOEMCP
GetProcAddress
GetSystemWindowsDirectoryW
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
RaiseException
RtlUnwind
SetLastError
TerminateThread
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte

psapi

GetProcessImageFileNameW

basesrv

BaseSetProcessCreateNotify

csrsrv

CsrAddStaticServerThread
CsrConnectToUser
CsrCreateWait
CsrDereferenceProcess
CsrDereferenceThread
CsrDereferenceWait
CsrExecServerThread
CsrGetProcessLuid
CsrImpersonateClient
CsrLockProcessByClientId
CsrLockThreadByClientId
CsrNotifyWait
CsrQueryApiPort
CsrReferenceThread
CsrRevertToSelf
CsrSetBackgroundPriority
CsrSetForegroundPriority
CsrShutdownProcesses
CsrUnlockProcess
CsrUnlockThread
CsrValidateMessageBuffer

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesExW
GetCurrentObject
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetTextMetricsW
InvertRgn
PatBlt
RealizePalette
SelectObject
SelectPalette
SetBkColor
SetDIBitsToDevice
SetSystemPaletteUse
SetTextColor
TextOutW
TranslateCharsetInfo

user32

AppendMenuW
BeginPaint
ChangeDisplaySettingsW
CloseClipboard
CloseDesktop
CloseWindowStation
CopyIcon
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawMenuBar
EmptyClipboard
EnableMenuItem
EndPaint
EnumThreadWindows
GetClipboardData
GetCursorPos
GetDC
GetDlgItem
GetKeyState
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetMenuItemInfoW
GetMessageW
GetMonitorInfoW
GetScrollInfo
GetSystemMenu
GetSystemMetrics
GetTaskmanWindow
GetUserObjectInformationW
GetWindow
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
InvalidateRgn
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsWindow
IsZoomed
KillTimer
LoadCursorW
LoadImageW
LoadStringW
MapVirtualKeyW
MessageBoxTimeoutW
MonitorFromWindow
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PrivateExtractIconsW
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScrollWindowEx
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCapture
SetClipboardData
SetCursor
SetForegroundWindow
SetMenuItemInfoW
SetScrollInfo
SetThreadDesktop
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowScrollBar
ShowWindow
ShowWindowAsync
ToUnicodeEx
TrackPopupMenuEx
TranslateMessage
UnregisterClassW
UpdateWindow
VkKeyScanW
WindowFromPoint

Exports

Exports

ConServerDllInitialization
UserServerDllInitialization
_UserSoundSentry

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/19
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 524B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56e35e9c50ae04074a8a0b5747fdb1fc

Headers

File Characteristics

Imports

ntdll

kernel32

psapi

basesrv

csrsrv

gdi32

user32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 62KB - Virtual size: 62KB

/4 Size: 512B - Virtual size: 40B

/19 Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 524B

.edata Size: 512B - Virtual size: 153B

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 6KB - Virtual size: 6KB

.rossym Size: 268KB - Virtual size: 268KB

.text
Size: 164KB - Virtual size: 163KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 62KB - Virtual size: 62KB

/4
Size: 512B - Virtual size: 40B

/19
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 524B

.edata
Size: 512B - Virtual size: 153B

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 6KB - Virtual size: 6KB

.rossym
Size: 268KB - Virtual size: 268KB