59de7048258cf437eb2e300924200aed6dfbb9e17213909a9124f9fabd5468dd

Sharing

Copy URL Twitter E-mail

General

Target

59de7048258cf437eb2e300924200aed6dfbb9e17213909a9124f9fabd5468dd
Size

5.0MB
MD5

4052b3ece077b22c885b091054cfb480
SHA1

55b632be78cb35f8e028057b4f673396a8ae61cc
SHA256

59de7048258cf437eb2e300924200aed6dfbb9e17213909a9124f9fabd5468dd
SHA512

4ed5227b335f8a25e2ff1498547a6789c9c8f6fe110db6a6560884f264d18fc801fdbb1dfd0ed831391b61ff3c7892d4470a3056e07ab40b065cb342f0131729
SSDEEP

98304:a/GjOg88Iqeon/ipx6b/hZCGQ21E5Q1GUys:a/cOgZIdoaMnCGCfUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59de7048258cf437eb2e300924200aed6dfbb9e17213909a9124f9fabd5468dd

Files

59de7048258cf437eb2e300924200aed6dfbb9e17213909a9124f9fabd5468dd
.dll windows x64

64945bc65108ebe15308a98cdaa059c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
MultiByteToWideChar
GetCurrentDirectoryW
FileTimeToSystemTime
GetFileInformationByHandle
CreateProcessW
GetModuleHandleW
LoadLibraryA
GetComputerNameA
WaitForSingleObject
GetStartupInfoW
CreatePipe
FreeLibrary
K32GetProcessImageFileNameW
GetLogicalDriveStringsW
GlobalAlloc
lstrlenW
GlobalFree
QueryDosDeviceW
lstrcmpiW
lstrcatW
lstrcpyW
VirtualQuery
VirtualFree
VirtualAlloc
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
Thread32First
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
VirtualProtect
GetCurrentThreadId
SuspendThread
ResumeThread
GetProcessHeap
SetLastError
GetThreadLocale
WideCharToMultiByte
FormatMessageA
GetEnvironmentVariableW
K32GetProcessMemoryInfo
FindFirstFileW
SetEnvironmentVariableW
GetModuleFileNameW
LocalAlloc
FindNextFileW
LocalFree
FreeConsole
AttachConsole
DisableThreadLibraryCalls
MoveFileW
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
FileTimeToLocalFileTime
ExitThread
WriteFile
CreateDirectoryW
Module32NextW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
Process32FirstW
ReadProcessMemory
CreateThread
GetCurrentProcessId
CloseHandle
GetModuleFileNameA
GetSystemInfo
GetProcAddress
GetLastError
CreateFileW
TerminateProcess
Sleep
LoadLibraryW
OpenProcess
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
WaitForSingleObjectEx
SleepEx
InitializeCriticalSectionEx
GetTickCount64
SetEndOfFile
OutputDebugStringW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GetCurrentProcess
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
ReadConsoleW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetFileAttributesExW
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter

user32

MessageBoxW
EnumWindows
wsprintfW
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
GetDC
PostMessageW
GetWindowThreadProcessId
FindWindowW

gdi32

SetPixelFormat

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
CryptEncrypt
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptImportKey
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash

shell32

CommandLineToArgvW

ole32

CoCreateGuid

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wldap32

ord26
ord32
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord27
ord301
ord200
ord30
ord79
ord35
ord33

opengl32

wglMakeCurrent
glGetString
wglCreateContext

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIW

ws2_32

accept
listen
send
closesocket
__WSAFDIsSet
freeaddrinfo
socket
bind
recv
WSACleanup
sendto
setsockopt
getsockname
ntohs
gethostname
htons
WSAGetLastError
select
getaddrinfo
recvfrom
WSAStartup
connect
WSASetLastError
getpeername
getsockopt
WSAIoctl
ioctlsocket

Exports

Exports

YInit

Sections

.text
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64945bc65108ebe15308a98cdaa059c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

version

wldap32

opengl32

iphlpapi

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 524KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 11KB - Virtual size: 34KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 524KB - Virtual size: 524KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 11KB - Virtual size: 34KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 3KB - Virtual size: 3KB