0dfefe2704b08deca8297adefbb224ee6f3d533bb289246fbc7cccc289120dbf

Sharing

Copy URL

Twitter E-mail

General

Target

0dfefe2704b08deca8297adefbb224ee6f3d533bb289246fbc7cccc289120dbf
Size

1.2MB
MD5

1eec26f78d1a5da5a65ba4e1d9e40f5e
SHA1

359b0caa212a4d2e1b8b07fc0e8305dffe6f316b
SHA256

0dfefe2704b08deca8297adefbb224ee6f3d533bb289246fbc7cccc289120dbf
SHA512

d7bf2809e3b5b5717a46493523ba909cc8f7f17f84c96c9db5c83171ced7c7a59cb792a8a2a853e94b503ec521ec1d702556e98fab82c0491d07473432149fd1
SSDEEP

24576:y6VZkvq6kSGEcq1FG8zcvj2X85g2czXgrgwT0J0F0c0r8D4R2NhnxbX:y67kvqLSGEcq1Q8zkg2czXCTU0F0c0gJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dfefe2704b08deca8297adefbb224ee6f3d533bb289246fbc7cccc289120dbf

Files

0dfefe2704b08deca8297adefbb224ee6f3d533bb289246fbc7cccc289120dbf
.dll windows x86

789af67fca7f6036c516d147b677ecb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

listen
gethostbyname
WSARecvFrom
WSASendTo
recvfrom
sendto
gethostname
WSASetLastError
WSAIoctl
getsockname
accept
bind
WSASocketW
ntohl
getnameinfo
shutdown
__WSAFDIsSet
select
ntohs
setsockopt
getsockopt
recv
send
connect
socket
closesocket
ioctlsocket
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAGetLastError
htons
getpeername
htonl

kernel32

CompareStringEx
GetCPInfo
EncodePointer
DecodePointer
GetNativeSystemInfo
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileSizeEx
GetModuleHandleA
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
GetModuleHandleW
LoadLibraryA
LoadLibraryW
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetCurrentProcessId
GetModuleFileNameW
CloseHandle
GetCommandLineW
LocalFree
CreateEventA
GetModuleFileNameA
WritePrivateProfileStringA
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
GetTickCount64
QueryPerformanceCounter
CreateThread
WaitForSingleObject
GetCurrentThread
VirtualProtect
MultiByteToWideChar
IsBadReadPtr
HeapSize
ReadConsoleW
GetConsoleMode
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
HeapReAlloc
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetLastError
QueryPerformanceFrequency
OutputDebugStringA
RaiseException
GetCurrentThreadId
FormatMessageA
VirtualFree
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
SetLastError
FreeLibrary
LoadLibraryExW
InitOnceComplete
InitOnceBeginInitialize
WaitForSingleObjectEx
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
ReleaseSRWLockShared
AcquireSRWLockShared
GetSystemTimeAsFileTime
LCMapStringEx

user32

GetCursorPos
GetClientRect
CallWindowProcW
GetActiveWindow
SetWindowPos
GetWindowLongW
SetWindowLongW
GetAsyncKeyState
GetWindowRect
ScreenToClient
SetCursorPos

shell32

CommandLineToArgvW

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathGetArgsW

winmm

timeGetTime

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

Exports

Exports

Initialize
PluginName

Sections

.text
Size: 927KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

789af67fca7f6036c516d147b677ecb7

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

kernel32

user32

shell32

oleaut32

shlwapi

winmm

advapi32

Exports

Exports

Sections

.text Size: 927KB - Virtual size: 926KB

.rdata Size: 245KB - Virtual size: 244KB

.data Size: 22KB - Virtual size: 34KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 927KB - Virtual size: 926KB

.rdata
Size: 245KB - Virtual size: 244KB

.data
Size: 22KB - Virtual size: 34KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 47KB - Virtual size: 47KB