aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38

Sharing

Copy URL

Twitter E-mail

General

Target

aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38
Size

1.4MB
MD5

432125ba904ca462647074a6dd183289
SHA1

408ecf4c8a84e06e12383ee5cf29d87420e58046
SHA256

aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38
SHA512

1f1f7d27959c28edfe721dd40858bae12d65ad11982cf27587e22db714d260b80bc9affb0c7727c758791cc3d8648d33020e5739e617f1793820584d860694c3
SSDEEP

24576:xbjxQlc0rklOWKd0uHo8DPRCgh8LLhP7Wgrd3WekSFBjY3p:xbjwcdOWKup8D5CbXhLxQSFBjYZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38

Files

aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38
.dll windows x86

b5b5ef199642bf11580f147378373599

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

AddJobW
SetJobW
EnumPrinterDriversW

ws2_32

select

winmm

mmioClose
waveInReset

opengl32

glVertex3f

kernel32

HeapAlloc
GetBinaryTypeA
PurgeComm
GetSystemTimeAsFileTime
UnregisterWait
GetModuleFileNameA
GetVolumeInformationW
Process32FirstW
GetStartupInfoW
GetProcessHeap
SetInformationJobObject
GetModuleHandleA
GetUserDefaultLCID

ole32

OleUninitialize
CoGetStandardMarshal
OleSetMenuDescriptor

clusapi

ClusterRegEnumValue

advapi32

QueryServiceStatus
RegCloseKey
CopySid
OpenThreadToken
CryptHashSessionKey
AddAccessDeniedObjectAce
GetOldestEventLogRecord
RegisterServiceCtrlHandlerExA
QueryServiceConfigA
GetNumberOfEventLogRecords

rpcrt4

UuidIsNil
NdrStubCall2
RpcServerListen
RpcStringFreeA
NdrUserMarshalUnmarshall

oleaut32

VarI2FromR4
VarUdateFromDate
SafeArrayCreate
VarBstrFromI4
GetRecordInfoFromGuids

avifil32

AVIStreamReadFormat

user32

MapDialogRect
SetScrollInfo
GetUpdateRgn
SetRect
PaintDesktop
OpenIcon
GetKeyState
DestroyCursor

shlwapi

StrChrIW
StrCatChainW
StrChrW
StrChrIA

setupapi

SetupPromptForDiskW
CM_Get_DevNode_Custom_PropertyW
CM_Disable_DevNode
SetupDiOpenDeviceInterfaceA
CM_Get_Hardware_Profile_Info_ExW
SetupInitDefaultQueueCallbackEx

gdi32

GetBitmapDimensionEx
PatBlt
GetCurrentObject
SetDIBitsToDevice

shell32

ShellAboutA

esent

JetSetIndexRange
JetGotoBookmark

winscard

SCardTransmit

wininet

InternetQueryDataAvailable
InternetAutodial

Exports

Exports

TponfKheem

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

=
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nt6+yj.p
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r8CY
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5b5ef199642bf11580f147378373599

Headers

File Characteristics

Imports

winspool.drv

ws2_32

winmm

opengl32

kernel32

ole32

clusapi

advapi32

rpcrt4

oleaut32

avifil32

user32

shlwapi

setupapi

gdi32

shell32

esent

winscard

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 60KB - Virtual size: 61KB

CODE Size: 20KB - Virtual size: 16KB

= Size: 24KB - Virtual size: 20KB

nt6+yj.p Size: 8KB - Virtual size: 6KB

r8CY Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 60KB - Virtual size: 61KB

CODE
Size: 20KB - Virtual size: 16KB

=
Size: 24KB - Virtual size: 20KB

nt6+yj.p
Size: 8KB - Virtual size: 6KB

r8CY
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 22KB