3a363f52e8e53306ba33954e180f012abd70558efc3d14e061ae118bb43125b2

Sharing

Copy URL Twitter E-mail

General

Target

3a363f52e8e53306ba33954e180f012abd70558efc3d14e061ae118bb43125b2
Size

1.4MB
MD5

91c02dbe8b456e82f6bbdbfd825ba1b8
SHA1

25a0c169374059f4cf5473fb21e2979928cdc6d5
SHA256

3a363f52e8e53306ba33954e180f012abd70558efc3d14e061ae118bb43125b2
SHA512

539fbe99a8a88037dd88a47faf9b8c126ae1db9f03f2871d482f2065c9c8ffd2b930735005b7de91ea5710c5cdb20bb5ff3039e70e19ed7ba0ec883a4376715d
SSDEEP

24576:Nqz7JF0gBHLIASSjO9D1eJKtFxMZjAhAjglz6EUDZxts:gz7/0WsAJjO9D1eJKtFxw0hp3uZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a363f52e8e53306ba33954e180f012abd70558efc3d14e061ae118bb43125b2

Files

3a363f52e8e53306ba33954e180f012abd70558efc3d14e061ae118bb43125b2
.dll windows:6 windows x64

86fba50a30327783aa74a79d6f1e2460

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

nnotes

ord2073
ord2494
ord2024
ord376
ord167
ord938
ord2239
ord628
ord143
ord358
ord707
ord231
ord586
ord549
ord2181
ord5799
ord521
ord525
ord2303
ord2010
ord2009
ord308
ord2910
ord2050
ord451
ord2180
ord425
ord232
ord2933
ord3843
ord2940
ord2932
ord2931
ord2934
ord630
ord629
ord2179
ord2178
ord2182
ord3809
ord382
ord3810
ord3829
ord3806
ord5928
ord2338
ord3802
ord417
ord541
ord2198
ord2709
ord3811
ord2638
ord2055
ord3982
ord2259
ord2261
ord2194
ord2088
ord2045
ord2262
ord2124
ord2260
ord439
ord2283
ord2258
ord2264
ord5817
ord438
ord140
ord2006
ord205
ord2027
ord224
ord2413
ord2429
ord2141
ord2064
ord2029
ord2412
ord2145
ord2051
ord5818
ord2007
ord2187
ord3803
ord2109
ord2121
ord2280
ord2281
ord3805
ord5893
ord2113
ord2154
ord2034
ord1382
ord2048
ord2074
ord2031
ord2147
ord5132
ord5131
ord5130
ord5835
ord1247
ord1243
ord1269
ord1246
ord1242
ord940
ord321
ord183
ord2111
ord2040
ord182
ord2072
ord441
ord2164
ord2195
ord435
ord849
ord853
ord858
ord37
ord24
ord38
ord40
ord1562
ord39
ord2026
ord2062
ord245
ord23
ord230
ord17
ord2013
ord2011
ord2177
ord2018
ord16
ord2008
ord851
ord2305
ord852
ord2185
ord2184
ord850
ord2183
ord165
ord2005
ord2001
ord229
ord416
ord391
ord408
ord401

tmprapit

PR_activation
PR_decomposeActivationCode
PR_onlineUpdateLicense
PR_getProductAUBehavior
PR_getProductScanBehavior
PR_getNumberOfDaysBeforeExpired
PR_getLicenseStatus
PR_getLicenseInfo
PR_checkActivationCodeFormat
PR_removeAcDash
PR_getReminderStatus
PR_isPerformOnlineUpdateLicenseBySchedule
PR_initializeLicenseProfile
PR_setProperty

libcurl

curl_easy_strerror
curl_easy_init
curl_easy_perform
curl_easy_setopt

kernel32

GetModuleFileNameA
GetCurrentProcessId
GetSystemDirectoryW
LocalFree
LoadLibraryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
LocalAlloc
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrlenA
GetExitCodeProcess
CreateProcessA
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
GetFullPathNameA
CreateSemaphoreA
ReleaseSemaphore
GetModuleHandleA
VirtualQuery
FindNextFileA
MultiByteToWideChar
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
FindClose
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
Sleep
GetCurrentThreadId
CreateThread
LeaveCriticalSection
EnterCriticalSection
DeleteFileA

ole32

CoCreateGuid

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?fail@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

crypt32

CertGetNameStringW

vcruntime140

_CxxThrowException
memset
__CxxFrameHandler3
memcmp
__C_specific_handler
memcpy
_purecall
__vcrt_InitializeCriticalSectionEx
strchr
__std_type_info_destroy_list
memchr
__std_exception_destroy
memmove
__std_exception_copy
__std_terminate
strstr
strrchr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
fputc
__stdio_common_vsprintf
feof
fflush
fread
ferror
fclose
_tempnam
_getcwd
_ftelli64
_mktemp
fopen
fgetc
__stdio_common_vsscanf
fseek
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
ftell
__stdio_common_vsnwprintf_s
_pclose
__stdio_common_vsnprintf_s
fgets
fwrite
_popen
fopen_s

api-ms-win-crt-string-l1-1-0

isdigit
_stricmp
strncat_s
_strnicmp
strncmp
_strdup
isspace
tolower
strncpy_s
toupper
strpbrk
strncat
strncpy
wcsncat_s
isalpha
isalnum
strcmp

api-ms-win-crt-time-l1-1-0

_utime64
_localtime64_s
_time64
strftime
_gmtime64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_crt_atexit
_crt_at_quick_exit
_cexit
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
terminate
_seh_filter_dll
_register_onexit_function
_initialize_onexit_table
_initterm
_getpid
_initialize_narrow_environment
system
_configure_narrow_argv
_execute_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlink
rename
_access
_rmdir
_splitpath
_lock_file
_fullpath
_stat64i32
_mkdir
_unlock_file

api-ms-win-crt-convert-l1-1-0

atol
atoi
_itoa
strtol
atof
strtoul

api-ms-win-crt-heap-l1-1-0

_callnewh
free
realloc
malloc

api-ms-win-crt-utility-l1-1-0

rand
srand

tmmsg

TmMsg_CreateResourceLocator
TmMsg_DeleteMailMessage
TmMsg_DeleteResourceLocator
TmMsg_CreateMailMessage

em_helpr

ord6120

advapi32

InitializeSecurityDescriptor
RegisterEventSourceA
RegSetValueExA
ReportEventA
RegCreateKeyExA
RegCloseKey
SetSecurityDescriptorDacl

Exports

Exports

MainEntryPoint

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 793KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86fba50a30327783aa74a79d6f1e2460

Headers

DLL Characteristics

File Characteristics

Imports

nnotes

tmprapit

libcurl

kernel32

ole32

msvcp140

crypt32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

tmmsg

em_helpr

advapi32

Exports

Exports

Sections

.text Size: 455KB - Virtual size: 455KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 793KB - Virtual size: 902KB

.pdata Size: 23KB - Virtual size: 23KB

.gfids Size: 512B - Virtual size: 60B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 455KB - Virtual size: 455KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 793KB - Virtual size: 902KB

.pdata
Size: 23KB - Virtual size: 23KB

.gfids
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB