be045e99d1da03e71b13d15693de2972844f93052a42ed2b29bf68d247cd8c05

Sharing

Copy URL Twitter E-mail

General

Target

be045e99d1da03e71b13d15693de2972844f93052a42ed2b29bf68d247cd8c05
Size

287KB
MD5

809c6714a19f80319313681fc1669702
SHA1

cbf1bb474d19455c6253ecda26fcd94fd6960181
SHA256

be045e99d1da03e71b13d15693de2972844f93052a42ed2b29bf68d247cd8c05
SHA512

658095038af88219aa1807f197c3e82df5ae151dee3f33fd08681541ce4c2503d358134c894ff8156873447596a12f55e5a81671f9fc1d14ef6d96cd59c90d1d
SSDEEP

6144:uOQtO6GppBeqdGwRz2gjgI6QkUIcbpO5zx:jqO6IeqdGwRielc7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be045e99d1da03e71b13d15693de2972844f93052a42ed2b29bf68d247cd8c05

Files

be045e99d1da03e71b13d15693de2972844f93052a42ed2b29bf68d247cd8c05
.dll windows:5 windows x86

6ab7036debc25545bb80eec84585f175

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
InterlockedExchange
ResetEvent
CreateEventW
CancelIo
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
GetCurrentProcess
GetProcessHeap
OpenProcess
GetModuleFileNameW
GetCurrentProcessId
LocalFree
GetThreadContext
SetThreadContext
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetSystemDirectoryA
VirtualAllocEx
WriteProcessMemory
ResumeThread
GetProcAddress
VirtualProtect
CreateMutexW
WideCharToMultiByte
SystemTimeToFileTime
GlobalSize
CreateDirectoryW
GlobalLock
WriteFile
GlobalAlloc
FileTimeToSystemTime
CreateFileW
lstrcmpW
GlobalUnlock
GlobalFree
FindClose
GetLocalTime
RemoveDirectoryW
lstrcatW
FindNextFileW
GetFileTime
DeleteFileW
GetSystemTime
SetFileAttributesW
CreateThread
HeapSize
ExitThread
DecodePointer
EncodePointer
GetModuleHandleW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetLastError
SwitchToThread
GetCurrentThreadId
CloseHandle
GetLastError
CreateEventA
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
VirtualAlloc
FindFirstFileW
VirtualFree
LCMapStringW
MultiByteToWideChar
GetSystemInfo
GetConsoleMode
GetConsoleCP
VirtualQuery
GetCommandLineA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFilePointer
LoadLibraryW
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
HeapReAlloc

user32

DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
wsprintfW
GetDC
ReleaseDC
GetDesktopWindow
TranslateMessage
GetSystemMetrics

gdi32

CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetDIBColorTable
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
DeleteDC

advapi32

RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegSetValueExW

shell32

SHGetFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

ws2_32

connect
WSAIoctl
WSAStartup
select
htons
setsockopt
recv
socket
closesocket
gethostbyname
send
WSACleanup
WSACloseEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAEventSelect
shutdown
WSACreateEvent
WSASetLastError
WSAResetEvent
WSAGetLastError

winmm

timeGetTime

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext

Exports

Exports

load
run
Fuck

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ab7036debc25545bb80eec84585f175

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

winmm

gdiplus

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 169KB - Virtual size: 185KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 169KB - Virtual size: 185KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 9KB - Virtual size: 8KB