121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0

Sharing

Copy URL

Twitter E-mail

General

Target

121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0
Size

211KB
MD5

a4b5578d72ba8b61910fce95d02e4f65
SHA1

f43d259de0fad44cb1fc0a07360c1f1d300290d9
SHA256

121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0
SHA512

f8e9e1dfdbb88926fa0c6947b323d65fcdad4ebd9f26cff88dd9858687225cca66ddc1557d466d1df5de7e4252ad4c6f7a511debdff4b123acdd01620322842a
SSDEEP

3072:S3LSfHbyKITqDYWDrCppCfWSVzvFYuNU+0RwCM4yXS8TFajhqROGq5dzu+fJtjuY:yOby3usWC89rfVXjRKhNGq57RZNnO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0

Files

121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0
.dll windows x64

e779a5293ea79216563475c7af987e91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
VirtualProtect
GetFileAttributesW
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GlobalLock
GetLocalTime
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
CreateThread
WritePrivateProfileStringW
ProcessIdToSessionId
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
GetSystemTime
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
lstrcpynA
CreateFileMappingW
DisconnectNamedPipe
ResumeThread
lstrcmpA
ExitThread
lstrcatW
OutputDebugStringA
LocalFree
LocalAlloc
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
CreateIoCompletionPort
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
QueueUserAPC
GetModuleHandleA
GlobalMemoryStatus
DeleteFileW
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
CreateProcessW
Process32NextW
GetCurrentProcessId
Process32FirstW
lstrcmpiW
ExitProcess
GetCurrentProcess
VirtualFreeEx
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
GetSystemDefaultLCID
ResetEvent
GetSystemInfo
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
CloseHandle
WaitForSingleObject
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
Sleep

user32

GetWindowTextW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
KillTimer
DispatchMessageW
TranslateMessage
GetAsyncKeyState
GetKeyState
GetIconInfo
GetMessageW
SetClipboardViewer
SetWindowLongPtrW
CreateWindowExW
CloseClipboard
GetClipboardData
GetClassNameW
DestroyIcon
LoadCursorW
WindowFromPoint
SetCursorPos
mouse_event
keybd_event
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
PostMessageA
ShowWindow
wsprintfA
OpenClipboard
DefWindowProcW
SendMessageW
IsClipboardFormatAvailable
GetWindowThreadProcessId
PostQuitMessage
ChangeClipboardChain
GetSystemMetrics
ExitWindowsEx
MessageBoxW
wsprintfW
SetTimer

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

RegOpenKeyExW
DeleteService
QueryServiceStatusEx
CloseServiceHandle
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
GetLengthSid
CheckTokenMembership
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumValueA
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegOverridePredefKey
RevertToSelf
RegEnumValueW
InitiateSystemShutdownA

shell32

ExtractIconExW
SHFileOperationW
CommandLineToArgvW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize

oleaut32

VariantClear

odbc32

ord9
ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord157
ord141
ord75
ord24
ord171
ord31
ord2

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

shlwapi

PathRemoveFileSpecW

ws2_32

setsockopt
closesocket
WSARecvFrom
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup
WSAIoctl

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e779a5293ea79216563475c7af987e91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

wtsapi32

shlwapi

ws2_32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 19KB

.pdata Size: 10KB - Virtual size: 9KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 19KB

.pdata
Size: 10KB - Virtual size: 9KB