f412b89c80db55b41bcf6ae3b8977128078c5f6797bd6e37a1ccf811894e3b85

Sharing

Copy URL Twitter E-mail

General

Target

f412b89c80db55b41bcf6ae3b8977128078c5f6797bd6e37a1ccf811894e3b85
Size

1.7MB
MD5

c86ada50ff4fff96322f709a93e12f37
SHA1

099981c14769027e968beb199814b77623cf0f8f
SHA256

f412b89c80db55b41bcf6ae3b8977128078c5f6797bd6e37a1ccf811894e3b85
SHA512

76f15a2c0c5c46d3538672261624a615b3f551de0897b54464cc2adb16be30d868552d7965eb127918f339032ab542872e8349aa9e388c3f124a5f2db2cc826b
SSDEEP

24576:EQdaQ7zKzvDMO7EUFQLueV63Xh0jDnesz8F0uv9lGMsMn8Iw4MTIml0FBhSfPoqU:laQCLYOXQL2TQVIw4MkmQBC3+Jb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f412b89c80db55b41bcf6ae3b8977128078c5f6797bd6e37a1ccf811894e3b85

Files

f412b89c80db55b41bcf6ae3b8977128078c5f6797bd6e37a1ccf811894e3b85
.dll windows x86

ca64489b60ca069d7058afdfd55639bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
OutputDebugStringA
ExitProcess
CreateEventW
CloseHandle
ResetEvent
CreateThread
SetEvent
Sleep
CancelIo
GetLastError
CreateMutexW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GlobalLock
GlobalUnlock
OpenMutexA
CreateMutexA
VirtualAlloc
VirtualFree
ReleaseMutex
FindResourceW
SizeofResource
LoadResource
LockResource
WideCharToMultiByte
GetTickCount
ReadProcessMemory
GlobalMemoryStatusEx
lstrcpyW
CreateThreadpoolTimer
SetThreadpoolTimer
IsThreadpoolTimerSet
LocalAlloc
LocalFree
GetStartupInfoW
GetSystemDirectoryW
GetCommandLineW
AddVectoredExceptionHandler
GetModuleHandleW
FlushInstructionCache
GetProcAddress
VirtualAllocEx
GetSystemInfo
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
lstrlenW
QueryDosDeviceW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
ReadFile
GetConsoleMode
VirtualQuery
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
HeapAlloc
HeapFree
GetStdHandle
GetFileType

user32

GetAsyncKeyState
MessageBoxW
OpenClipboard
SetTimer
CloseClipboard
GetClipboardData

ntdll

NtQueryInformationProcess
NtResumeThread
NtProtectVirtualMemory

shlwapi

PathFindFileNameW

ws2_32

getaddrinfo
WSAIoctl
closesocket
htons
WSACleanup
socket
inet_addr
setsockopt
select
recv
send
getsockname
freeaddrinfo
connect
WSAStartup

Exports

Exports

MiFeng

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RHXJ0
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca64489b60ca069d7058afdfd55639bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 9KB - Virtual size: 16KB

.RHXJ0 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 14KB - Virtual size: 14KB

.rsrc Size: 102KB - Virtual size: 101KB

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 9KB - Virtual size: 16KB

.RHXJ0
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 102KB - Virtual size: 101KB