d467f54dd9e183e129a9fc68c21989d0147b75c3ef3e2ccb6c541eb20b837a1e

Sharing

Copy URL Twitter E-mail

General

Target

d467f54dd9e183e129a9fc68c21989d0147b75c3ef3e2ccb6c541eb20b837a1e
Size

171KB
MD5

330267e5eebdbf7d6e21541ddadb8102
SHA1

d51976e8aac3c9c4e8d34628a51fcf141f91a95d
SHA256

d467f54dd9e183e129a9fc68c21989d0147b75c3ef3e2ccb6c541eb20b837a1e
SHA512

7a4d0216a352d80aba34b80630b55651dd065c9f107667451c7ff4ecf59b1871c7409c46269f1a37543f966e8f24c4c303c9b4d0eacdee551785ee3c22ae0606
SSDEEP

3072:EO6tMLeiNKUo7orkNkzfXZqRPAssJp/ukEkcxJ3gv3NKm:EOYMLNIUQorkNkjJIoZ/uAc7gvr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d467f54dd9e183e129a9fc68c21989d0147b75c3ef3e2ccb6c541eb20b837a1e

Files

d467f54dd9e183e129a9fc68c21989d0147b75c3ef3e2ccb6c541eb20b837a1e
.dll windows x86

fac2817ae4d9b8461895dfcdeed49725

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

kernel32

lstrlenA
MapViewOfFile
GetCurrentProcess
WaitForSingleObject
SetEvent
Sleep
CreateEventA
CreateFileW
MultiByteToWideChar
FreeLibraryAndExitThread
GetLastError
GetLongPathNameA
CreateFileMappingA
DeviceIoControl
CreateMutexA
ReleaseMutex
CloseHandle
GetCurrentProcessId
OpenFileMappingA
CreateThread
lstrcpyA
QueryPerformanceCounter
GetLocalTime
QueryPerformanceFrequency
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetFileSize
GetModuleHandleW
SetLastError
GetProcAddress
WideCharToMultiByte
LCMapStringW
HeapCreate
HeapDestroy
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
HeapSize
RtlUnwind
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeW
SetFilePointer
LoadLibraryW
HeapReAlloc
WriteConsoleW
SetStdHandle
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringW
SetEnvironmentVariableA
CreateFileA
GetModuleFileNameA
TlsFree

user32

wsprintfA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

psapi

GetModuleFileNameExA

ws2_32

sendto
send
closesocket
__WSAFDIsSet
socket
recv
setsockopt
WSAStartup
select
recvfrom
inet_ntoa
connect
ioctlsocket
accept
listen
bind
ntohs
htonl
inet_addr
WSACleanup
gethostbyname
htons

rasapi32

RasDialA
RasHangUpA
RasGetErrorStringA

Exports

Exports

Connect
Getchuanqi
Gettcp
Getudp
HangUp
SetRoute
_UnLoad@0
doHangUp
doSwitch
donewDial
getcqdaili

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fac2817ae4d9b8461895dfcdeed49725

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

user32

advapi32

psapi

ws2_32

rasapi32

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 3.3MB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 3.3MB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 19KB - Virtual size: 18KB