8181758edc0555b9f6e72649bf6777ed34fe2a7786f097fc681ae1e761db6380

Sharing

Copy URL

Twitter E-mail

General

Target

8181758edc0555b9f6e72649bf6777ed34fe2a7786f097fc681ae1e761db6380
Size

912KB
MD5

dde2525f2baab9fee7deb7138c7980ef
SHA1

5f40751dc28c15227a1564f3e8c63c8125193ce6
SHA256

8181758edc0555b9f6e72649bf6777ed34fe2a7786f097fc681ae1e761db6380
SHA512

7de6e13e918a221e35f514ec5dadd35df0fb41404e0055d4dc569a5e3c20a56b3e598dc0aed02d9b591cb179e25b86393a85c0ba8becdaaa10579580ca116320
SSDEEP

12288:8Oq97/78eFYato0rcLHE6UdQyUnAyTbD52Qfl7U5oCDI75RyYauT6iYsyEK3n6f:838uYat3czE3uX/5jfl7C9AzauOi4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8181758edc0555b9f6e72649bf6777ed34fe2a7786f097fc681ae1e761db6380

Files

8181758edc0555b9f6e72649bf6777ed34fe2a7786f097fc681ae1e761db6380
.dll windows x86

a4889455bfa9aa835df20d2f8b90d30a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
LocalFree
GetCurrentProcess
GetModuleHandleW
CreateFileW
GetVersionExW
OutputDebugStringW
FindFirstFileA
EnterCriticalSection
FindNextFileA
LeaveCriticalSection
InitializeCriticalSection
FindClose
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GetCurrentThread
GetThreadTimes
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
CloseHandle
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleHandleExW
ExitProcess
ReadFile
GetACP
RtlUnwind
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
UnregisterWait
RegisterWaitForSingleObject
GetCommandLineA
DecodePointer
TryEnterCriticalSection
GetCurrentThreadId
GetCPInfo
EncodePointer
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
GetCurrentProcessId
SetEvent
WaitForSingleObjectEx
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask

shell32

SHGetFolderPathA

ole32

CoInitializeSecurity
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

advapi32

RegOpenKeyExA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shlwapi

PathAppendA
PathFileExistsA

winhttp

WinHttpCrackUrl

ws2_32

getpeername
getsockopt
recv
select
closesocket
setsockopt
WSAStartup
WSAGetLastError
WSASocketW
WSACleanup
send
connect
ioctlsocket
WSAStringToAddressA
getaddrinfo
freeaddrinfo
getnameinfo
__WSAFDIsSet

wtsapi32

WTSQueryUserToken

Exports

Exports

DownloadFile
GetMachineID
GetProductName
GetUniqueId
PostInstallRequest
PostUninstallRequest
PostUpdaterRequest
ReleaseInstallRequest
ReleaseUninstallRequest
ReleaseUpdaterRequest

Sections

.text
Size: 651KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4889455bfa9aa835df20d2f8b90d30a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

oleaut32

advapi32

shlwapi

winhttp

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: 651KB - Virtual size: 650KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 13KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 651KB - Virtual size: 650KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 13KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

.rmnet
Size: 56KB - Virtual size: 60KB