811cbbdf7a67422d656216a9ab1208523a5ba1f65a9b12d1b4b57f7ab70fcb61

Sharing

Copy URL

Twitter E-mail

General

Target

811cbbdf7a67422d656216a9ab1208523a5ba1f65a9b12d1b4b57f7ab70fcb61
Size

7.0MB
MD5

8e3f9159ca7e4cc86ca753016b3d62cb
SHA1

678bbbea88b4da66a3fbe0a3c4d211972c94f7be
SHA256

811cbbdf7a67422d656216a9ab1208523a5ba1f65a9b12d1b4b57f7ab70fcb61
SHA512

542b880d3560ee802e13ef68e5fc6477a7150a1a515b7cc25297b6acaca95189350df6ec490d6fddd2a9cd301e3045d011deb5b9e9095c8f983f062b27f7a337
SSDEEP

98304:ZJWY1DQZZnY//9emlvJm6UajaoMGzRsUR08CIqPI6yIrof8zo46Bfj0lrtbJ5yfU:yTZRBsJmZol1LRZpX7ferbCu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
811cbbdf7a67422d656216a9ab1208523a5ba1f65a9b12d1b4b57f7ab70fcb61

Files

811cbbdf7a67422d656216a9ab1208523a5ba1f65a9b12d1b4b57f7ab70fcb61
.dll windows x64

5a8e378f2fe1b553fe3412bbcd4c4e14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAIoctl

iphlpapi

GetNetworkParams

advapi32

CloseServiceHandle

shell32

ShellExecuteExA

winhttp

WinHttpReceiveResponse

version

GetFileVersionInfoSizeA

kernel32

GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shlwapi

PathStripPathA

gdi32

TextOutA

wtsapi32

WTSSendMessageW

Exports

Exports

AddFilterExeName
AddNoProxyIP
CheckSocks5
EmptyData
FixNet
GetProcessFlow
InitData
SetProxy
StopProxy

Sections

.text
Size: - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Number0
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Number1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a8e378f2fe1b553fe3412bbcd4c4e14

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

advapi32

shell32

winhttp

version

kernel32

user32

shlwapi

gdi32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 245KB

.rdata Size: - Virtual size: 80KB

.data Size: - Virtual size: 25KB

.pdata Size: - Virtual size: 13KB

.Number0 Size: - Virtual size: 5.1MB

.Number1 Size: 7.0MB - Virtual size: 7.0MB

.reloc Size: 512B - Virtual size: 168B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 245KB

.rdata
Size: - Virtual size: 80KB

.data
Size: - Virtual size: 25KB

.pdata
Size: - Virtual size: 13KB

.Number0
Size: - Virtual size: 5.1MB

.Number1
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 512B - Virtual size: 168B

.rsrc
Size: 1KB - Virtual size: 1KB