096a3ff21fca54708f6972cada048050dc8764b915b3e1d8d80ac7288a2f92af

Sharing

Copy URL

Twitter E-mail

General

Target

096a3ff21fca54708f6972cada048050dc8764b915b3e1d8d80ac7288a2f92af
Size

14.8MB
MD5

5960d5f4fbd95181af0f4307380f366c
SHA1

1597d73d5a142d43e05e2be9050af43db4a08ab8
SHA256

096a3ff21fca54708f6972cada048050dc8764b915b3e1d8d80ac7288a2f92af
SHA512

aaf96b07fcadfe5361a92bb9732b5812e8c838faa42b3b1d210fc9da1acdd9ed9de96711a756d6edd0758c940a44a4867c1d55de402d7080ae848ad70e15c74d
SSDEEP

196608:B4duF7XLhtZKdwvavz3qSzfbhnKGDoNfKagSUJDzwVPab/sSzIlt3q3EhH6YPT:lFhXovJ9KGKI1EVmRIlRqGH6e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
096a3ff21fca54708f6972cada048050dc8764b915b3e1d8d80ac7288a2f92af

Files

096a3ff21fca54708f6972cada048050dc8764b915b3e1d8d80ac7288a2f92af
.dll windows x64

a33ba2e5aa1e306d99d57ca732c92fb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

NtQueryInformationThread
RtlCompareUnicodeString
RtlPcToFileHeader
NtGetContextThread
RtlLeaveCriticalSection
ZwLoadDriver
RtlCaptureContext
ZwUnloadDriver
RtlEnterCriticalSection
NtDeviceIoControlFile
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlImageDirectoryEntryToData
NtUnmapViewOfSection
NtMapViewOfSection
NtClose
NtCreateSection
RtlFreeUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
LdrAccessResource
LdrFindResource_U
RtlImageNtHeader
RtlGetVersion

fltlib

FilterConnectCommunicationPort
FilterReplyMessage
FilterGetMessage

shlwapi

PathIsRelativeW
PathAppendW
PathSkipRootW
SHDeleteKeyW

setupapi

SetupOpenFileQueue
CM_Locate_DevNodeA
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupCloseFileQueue
SetupDiDestroyDriverInfoList
CM_Reenumerate_DevNode
SetupDiCallClassInstaller
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupScanFileQueueW
SetupDiSetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW

kernel32

LCMapStringW
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCPInfo
CreateThread
CloseHandle
GetTickCount64
GetTickCount
Sleep
GetLastError
GetCurrentProcessId
WaitForSingleObject
ResumeThread
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
ResetEvent
CreateFileA
IsValidLocale
ReadFile
SetEvent
GetCurrentProcess
LoadLibraryExW
GetFileSizeEx
LoadLibraryW
VirtualAllocEx
VirtualFreeEx
CreateFileW
GetCurrentThreadId
GetCurrentThread
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesA
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrlenW
lstrcpyW
lstrcatW
LoadLibraryExA
GetProcessId
Wow64GetThreadContext
Wow64SuspendThread
SuspendThread
FindClose
FindNextFileW
SetLastError
WriteConsoleW
GetStdHandle
HeapFree
HeapAlloc
GetModuleHandleExW
ExitProcess
GetLocaleInfoW
GetUserDefaultLCID
GetFileSize
EnumSystemLocalesW
HeapSize
SetFilePointerEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
CreateEventA
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
GetConsoleOutputCP
WriteFile
GetConsoleMode
GetFileType
FreeLibrary
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
TlsFree

user32

FindWindowA
wsprintfW
GetWindowThreadProcessId

advapi32

RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

SHQueryUserNotificationState

ole32

CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

Exports

Exports

InitClient

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.$/g
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.(io
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wYt
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 729B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a33ba2e5aa1e306d99d57ca732c92fb5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

fltlib

shlwapi

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 744KB

.rdata Size: 532KB - Virtual size: 532KB

.data Size: 28KB - Virtual size: 28KB

.pdata Size: 48KB - Virtual size: 48KB

_RDATA Size: 4KB - Virtual size: 4KB

.$/g Size: 4.9MB - Virtual size: 4.9MB

.(io Size: 4KB - Virtual size: 4KB

.wYt Size: 8.5MB - Virtual size: 8.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 729B - Virtual size: 729B

.l1 Size: 10KB - Virtual size: 10KB

.text
Size: 744KB - Virtual size: 744KB

.rdata
Size: 532KB - Virtual size: 532KB

.data
Size: 28KB - Virtual size: 28KB

.pdata
Size: 48KB - Virtual size: 48KB

_RDATA
Size: 4KB - Virtual size: 4KB

.$/g
Size: 4.9MB - Virtual size: 4.9MB

.(io
Size: 4KB - Virtual size: 4KB

.wYt
Size: 8.5MB - Virtual size: 8.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 729B - Virtual size: 729B

.l1
Size: 10KB - Virtual size: 10KB