bd73e158b5b4aafa7ddc3e083cf5a702a773ebe4c6e95a21de0078c2985f202c

Sharing

Copy URL Twitter E-mail

General

Target

bd73e158b5b4aafa7ddc3e083cf5a702a773ebe4c6e95a21de0078c2985f202c
Size

55KB
MD5

f8d58d8cbc73da1b407bd9b9db115a11
SHA1

614e612f258807d68ab9ecaf977e8ccf34460810
SHA256

bd73e158b5b4aafa7ddc3e083cf5a702a773ebe4c6e95a21de0078c2985f202c
SHA512

2faa19fca7a5842040894f7ec06153b43fc5085c4c0e3425f79c81acfb29130c87cc207207d59d9cc46fc840920c0c7364421fd092dac4578493314387ab2c03
SSDEEP

768:32Qg5kmTInPAjx/wxtfPcjaET3XKr5xu5XTeDJi4B90HdyxcNK5mZ80uxSCnc0:DgmmTI7tfPcjaSXU5A+i4LslTq0uxS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd73e158b5b4aafa7ddc3e083cf5a702a773ebe4c6e95a21de0078c2985f202c

Files

bd73e158b5b4aafa7ddc3e083cf5a702a773ebe4c6e95a21de0078c2985f202c
.dll windows x64

26cf115c2ad79c0dcec7ffa421c8f462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
FreeLibrary
GetModuleHandleW
GetCurrentThread
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls
lstrcatW
VirtualProtect
CloseHandle
GetCurrentProcessId
WriteProcessMemory
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
DecodePointer
EncodePointer
SetLastError
VirtualAlloc
SuspendThread
VirtualFree
GetSystemTimeAsFileTime
GetThreadContext
SetThreadContext
GetCurrentProcess
FlushInstructionCache
ResumeThread
GetLastError
VirtualQuery
GetCurrentThreadId

user32

wsprintfW
wsprintfA
MessageBoxW

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
??2@YAPEAX_K@Z
memcpy
memset
??3@YAXPEAX@Z
__C_specific_handler
__crt_debugger_hook

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26cf115c2ad79c0dcec7ffa421c8f462

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr100

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 912B

.detourd Size: 512B - Virtual size: 24B

.detourc Size: 8KB - Virtual size: 8KB

.vmp0 Size: 20KB - Virtual size: 20KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 434B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 912B

.detourd
Size: 512B - Virtual size: 24B

.detourc
Size: 8KB - Virtual size: 8KB

.vmp0
Size: 20KB - Virtual size: 20KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 434B