3501a543bc12ebad229652934e7a31e9c7d7b8f47237c71dfdc8540b9beb665e

Sharing

Copy URL Twitter E-mail

General

Target

3501a543bc12ebad229652934e7a31e9c7d7b8f47237c71dfdc8540b9beb665e
Size

6.0MB
MD5

caf44f8d6642f053856eae7c90b2e045
SHA1

681f9acf71385914593b0feefd8972c4634f3ad8
SHA256

3501a543bc12ebad229652934e7a31e9c7d7b8f47237c71dfdc8540b9beb665e
SHA512

207e3eafd214d3c50a71f418ca3010326508605185d193d67e40a62899e28df40cdcb83a59a9ae97f94e68869b9582d66c3fe6f4be20cb27167e02402676a351
SSDEEP

98304:aez2ESEmzENw1HJO6uvPlOY0qb5lUzIEJZWMqyBcLuRtSK0HcF+XMdL/2/bxQAv:nvmklOXi5lUzIEJkMqeYuR4/G+XMdL/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3501a543bc12ebad229652934e7a31e9c7d7b8f47237c71dfdc8540b9beb665e

Files

3501a543bc12ebad229652934e7a31e9c7d7b8f47237c71dfdc8540b9beb665e
.dll windows x86

bcafd3e29c198ad937330a6f055ef672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateGuid

ws2_32

ntohs

advapi32

RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW

crypt32

CryptStringToBinaryA

shlwapi

PathRemoveFileSpecA
PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW

user32

GetClassNameW
GetClassNameA
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
GetWindowLongA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
ShowWindow
DestroyWindow
GetWindowRect
CreateWindowExA
MessageBoxA
wsprintfA
FindWindowW
SendMessageA
EnumWindows
GetWindowTextA
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
EnumThreadWindows
SendMessageTimeoutA
CallNextHookEx
SendMessageW
ScreenToClient
PostMessageA
EnumChildWindows
SetWindowLongA
RegisterClassExA
CharUpperBuffW
MessageBoxW

mscoree

CLRCreateInstance

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

GetProcessHeap
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache
VirtualFree
SuspendThread
VirtualAlloc
CopyFileW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapDestroy
HeapCreate
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetDateFormatA
GetTimeFormatA
RtlUnwind
VirtualQuery
GetModuleFileNameA
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
DisableThreadLibraryCalls
Sleep
GetLastError
GetCurrentProcessId
DeleteFileA
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
Module32First
GetProcAddress
OpenProcess
GetProcessTimes
TerminateProcess
GetModuleFileNameW
VirtualProtect
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
GetModuleHandleA
GetModuleHandleExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcess
CreateThread
WaitForSingleObject
GetCurrentThread
ExitThread
GetThreadContext
TerminateThread
SetThreadContext
LoadLibraryW
GetLocalTime
GetSystemTime
lstrcpynA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Thread32Next
Thread32First
Module32Next
FindClose
FindFirstFileA
GetFileAttributesA
CreateDirectoryA
GetTempPathA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
InterlockedCompareExchange
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineA
RaiseException
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

wtsapi32

WTSSendMessageW

Exports

Exports

AisinoBusiness
ChangeUsingTxtKp
CloudDoBuz
CreateObj
GetData
GetHVersion
SelectDetail
SetQYInfo
StartUpSoft
UsbIpInstall

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 180B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcafd3e29c198ad937330a6f055ef672

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ws2_32

advapi32

crypt32

shlwapi

user32

mscoree

psapi

kernel32

wtsapi32

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 28KB - Virtual size: 28KB

.detourd Size: 4KB - Virtual size: 4KB

.detourc Size: 8KB - Virtual size: 8KB

SHARED Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.6MB - Virtual size: 2.6MB

.vmp1 Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 180B - Virtual size: 180B

.l1 Size: 12KB - Virtual size: 12KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 28KB - Virtual size: 28KB

.detourd
Size: 4KB - Virtual size: 4KB

.detourc
Size: 8KB - Virtual size: 8KB

SHARED
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.6MB - Virtual size: 2.6MB

.vmp1
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 180B - Virtual size: 180B

.l1
Size: 12KB - Virtual size: 12KB