9c2ff12d21109f21761f9fc9fd6a722c861a67f5576e21ebf938693232246010

Sharing

Copy URL Twitter E-mail

General

Target

9c2ff12d21109f21761f9fc9fd6a722c861a67f5576e21ebf938693232246010
Size

2.7MB
MD5

024426308b6af6cfa3c515d84d1b6216
SHA1

835e7d6b0382454cad0aea9119a57ae4121f1e1d
SHA256

9c2ff12d21109f21761f9fc9fd6a722c861a67f5576e21ebf938693232246010
SHA512

6d8df14c3c6cd03516795fc0d41824a2d2355996e51c683ba4e2776633b527ad75a80f12dcd1cdc45ac6ea29fad4c35d052c0c9819df6ecbd0f6275ed3833e86
SSDEEP

49152:wGtlqIMVwASONkIU6itT3q2ZOh5Pk7gxNlwTdHcisk9J7tKQ9dPEYi2Tj2dvXegB:Ar+twN9mJRL9yY0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c2ff12d21109f21761f9fc9fd6a722c861a67f5576e21ebf938693232246010

Files

9c2ff12d21109f21761f9fc9fd6a722c861a67f5576e21ebf938693232246010
.dll regsvr32 windows:6 windows x64

ca144b1cacc1ebd68dbc432a8d371f7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetFileTime
GetFileType
GetFileInformationByHandle
GetFileInformationByHandleEx
FreeResource
GetSystemInfo
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
GetDateFormatEx
GetTimeFormatEx
QueryPerformanceCounter
GetCurrentDirectoryW
CancelIo
GetUserPreferredUILanguages
GetLocaleInfoEx
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetFullPathNameW
OpenMutexW
GetEnvironmentVariableW
SetFileInformationByHandle
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetProcAddress
LoadLibraryA
GetModuleHandleA
CopyFileW
SetEndOfFile
SetFilePointer
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
WriteConsoleW
FindFirstFileExW
GetFinalPathNameByHandleW
ReplaceFileW
SetFileValidData
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetStdHandle
GetConsoleOutputCP
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ReadFile
SetLastError
LocalFree
GetCurrentThreadId
GetLastError
DeleteFileW
MoveFileExW
CreateDirectoryW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
WriteFile
SetNamedPipeHandleState
CreateFileW
Sleep
CloseHandle
CreateProcessW
GetModuleHandleExW
lstrcpynW
lstrcpynA
GetFileAttributesW
LoadResource
LockResource
SizeofResource
FindResourceW
HeapAlloc
HeapFree
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
GetStdHandle
GetModuleHandleW
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
WakeAllConditionVariable
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx

user32

LoadImageW
GetProcessWindowStation
GetSystemMetrics
InsertMenuW
SetMenuInfo
MessageBoxW
DestroyIcon
GetUserObjectInformationW
SetMenuItemInfoW
CreateIconIndirect
ReleaseDC
GetDC
GetIconInfo

gdi32

DeleteDC
PatBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateBitmap

ws2_32

recv
send
closesocket
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
htonl
inet_ntop
ntohl

shell32

ord727
SHGetSpecialFolderPathW
SHChangeNotify
DuplicateIcon
SHGetFileInfoW
SHGetStockIconInfo
DragQueryFileW

advapi32

GetAce
CryptSignHashW
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetUserNameW
GetSecurityInfo
SetSecurityDescriptorControl
DeleteAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
EqualSid
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptEnumProvidersW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdiplusShutdown
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipDrawArcI
GdipDrawEllipseI
GdipFillEllipseI
GdipCloneBitmapAreaI
GdiplusStartup

shlwapi

PathFindExtensionW

mpr

WNetGetUniversalNameW

ntdll

RtlFreeHeap
RtlAllocateHeap

ncrypt

BCryptGenRandom

Exports

Exports

DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetExtVersion

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca144b1cacc1ebd68dbc432a8d371f7e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shell32

advapi32

crypt32

gdiplus

shlwapi

mpr

ntdll

ncrypt

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 587KB - Virtual size: 587KB

.data Size: 21KB - Virtual size: 77KB

.pdata Size: 70KB - Virtual size: 69KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 376KB - Virtual size: 376KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 587KB - Virtual size: 587KB

.data
Size: 21KB - Virtual size: 77KB

.pdata
Size: 70KB - Virtual size: 69KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 376KB - Virtual size: 376KB

.reloc
Size: 22KB - Virtual size: 22KB