98d61a0f05d9cc96870a0831a694e08196d95186b8d6fabc7164f5c1242b857d

Sharing

Copy URL Twitter E-mail

General

Target

98d61a0f05d9cc96870a0831a694e08196d95186b8d6fabc7164f5c1242b857d
Size

136KB
MD5

e7f40ebcc122260d2f64f2fc37c0e084
SHA1

5a70435a7c0c7275a6d7beafb2e9de8d5f49fa38
SHA256

98d61a0f05d9cc96870a0831a694e08196d95186b8d6fabc7164f5c1242b857d
SHA512

59e25dd08e28b51cdcfed08cf42fa246cbbc51d87991035b3bf1fce280e13b21c9d67befce0f400427559acb01bdaf3e8d7f386d5bdfb6ccb540c2d070ea317e
SSDEEP

3072:tnG2FBqn08DX32QnQW21BzhCqVSS0OFp1isBbc95Zt:JPqn0e2YaB4B5Oj4sRcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98d61a0f05d9cc96870a0831a694e08196d95186b8d6fabc7164f5c1242b857d

Files

98d61a0f05d9cc96870a0831a694e08196d95186b8d6fabc7164f5c1242b857d
.dll windows x64

2cd9389355264d63b2ad0a8da06fc96b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
Sleep
GetPrivateProfileIntA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
WideCharToMultiByte
FindClose
FindFirstFileA
GetTickCount
CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetLastError
TerminateProcess
MultiByteToWideChar
FormatMessageA
lstrlenA
LocalAlloc
lstrlenW
LocalFree
SetFilePointer
SetStdHandle
FlushFileBuffers
HeapSize
GetStringTypeW
GetStringTypeA
SetEndOfFile
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetLocaleInfoA
GetConsoleOutputCP
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoA
GetFileType
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapReAlloc
FlsSetValue
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
GetModuleHandleW
ExitProcess
GetStdHandle
SetHandleCount

user32

wsprintfA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

ole32

CoInitializeSecurity
CoCreateInstanceEx
CoQueryProxyBlanket
CoSetProxyBlanket
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
VarBstrCat
SysStringLen
SysFreeString

Exports

Exports

WupConnect
WupCountUpdates
WupDisconnect
WupGetFirstUpdate
WupGetNextUpdate
WupInitialize
WupShutdown

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd9389355264d63b2ad0a8da06fc96b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB