466f57332f24fbff426aad11edb7508c9e01f53f41153a7761d6c73d07a690ef

Sharing

Copy URL Twitter E-mail

General

Target

466f57332f24fbff426aad11edb7508c9e01f53f41153a7761d6c73d07a690ef
Size

136KB
MD5

42536216f3bdcc641fef5600a8e7e97f
SHA1

6fa10adc851bfc614098b6d8d225e692e485b53a
SHA256

466f57332f24fbff426aad11edb7508c9e01f53f41153a7761d6c73d07a690ef
SHA512

4fa5970a5e8ab00a834741a00014269ac775ce3b010991a7813acd8c6fc4d780c9be9a7186ce7a7b1f3782d468248f704053ce97a0d38cafbe0ff00d1d8de258
SSDEEP

3072:8/+mFBqn08DX32QnQW21BzZCqVSS0OFp1isH8J95+tM:aPqn0e2YaBAB5Oj4scJOK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
466f57332f24fbff426aad11edb7508c9e01f53f41153a7761d6c73d07a690ef

Files

466f57332f24fbff426aad11edb7508c9e01f53f41153a7761d6c73d07a690ef
.dll windows x64

2cd9389355264d63b2ad0a8da06fc96b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
Sleep
GetPrivateProfileIntA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
WideCharToMultiByte
FindClose
FindFirstFileA
GetTickCount
CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetLastError
TerminateProcess
MultiByteToWideChar
FormatMessageA
lstrlenA
LocalAlloc
lstrlenW
LocalFree
SetFilePointer
SetStdHandle
FlushFileBuffers
HeapSize
GetStringTypeW
GetStringTypeA
SetEndOfFile
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetLocaleInfoA
GetConsoleOutputCP
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoA
GetFileType
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapReAlloc
FlsSetValue
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
GetModuleHandleW
ExitProcess
GetStdHandle
SetHandleCount

user32

wsprintfA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

ole32

CoInitializeSecurity
CoCreateInstanceEx
CoQueryProxyBlanket
CoSetProxyBlanket
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
VarBstrCat
SysStringLen
SysFreeString

Exports

Exports

WupConnect
WupCountUpdates
WupDisconnect
WupGetFirstUpdate
WupGetNextUpdate
WupInitialize
WupShutdown

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd9389355264d63b2ad0a8da06fc96b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB