rU87dHss[.]G_A

Sharing

Copy URL Twitter E-mail

General

Target

rU87dHss.G_A
Size

2.6MB
MD5

6fb54e30ec818e57a84681f4b834f22d
SHA1

8f809e744c74d751492c719aab2bfa6d17989097
SHA256

83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1
SHA512

2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160
SSDEEP

49152:mg5HkjB3IMDMFA/5kRqQUKM5qiuEKvHBZrwzLxZ192N674cP6EnwcCnTJH:mglksckRzopupvHD6mN674cvCnTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rU87dHss.G_A

Files

rU87dHss.G_A
.dll windows:5 windows x86

0ffd76462a05a56812495c46a823c995

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptDestroyHash
RemoveUsersFromEncryptedFile
RegCloseKey

setupapi

SetupDiGetDeviceRegistryPropertyA

ws2_32

WSAGetLastError
select

lz32

LZOpenFileW

rasapi32

RasRenameEntryW

shell32

ExtractIconW

clusapi

ClusterResourceControl

version

VerQueryValueA

oleaut32

SafeArrayCreate
VarBstrCat
GetErrorInfo
GetRecordInfoFromGuids
VarI4FromR8
SysAllocStringLen

shlwapi

StrChrW

msvcrt

memset
putc

winmm

mmioRenameW
midiStreamClose

wintrust

WintrustAddActionID

psapi

GetModuleFileNameExW

gdi32

SetICMProfileA
CloseMetaFile
Rectangle
ExtEscape
CreateBrushIndirect

kernel32

IsProcessorFeaturePresent
EnterCriticalSection
GetVersionExA
VirtualAlloc
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
WaitForDebugEvent
WaitForSingleObject
SetStdHandle
InterlockedPushEntrySList
GetUserDefaultLCID
SetCommConfig
GetCommMask
FreeConsole
ResumeThread
LoadLibraryA
LoadLibraryExW
GetBinaryTypeA
GetModuleFileNameA
Process32FirstW

user32

DrawMenuBar
ValidateRgn
ShowScrollBar
ToAscii
CreateWindowExA
MenuItemFromPoint
DeleteMenu
TrackPopupMenuEx
GetCursor
SetWindowTextW
WinHelpA
PostQuitMessage
ShowWindow
EnableMenuItem
GetDialogBaseUnits
SetCapture

crypt32

CryptHashPublicKeyInfo

winspool.drv

XcvDataW

Exports

Exports

NnewnsrneaYap

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ffd76462a05a56812495c46a823c995

Headers

File Characteristics

Imports

advapi32

setupapi

ws2_32

lz32

rasapi32

shell32

clusapi

version

oleaut32

shlwapi

msvcrt

winmm

wintrust

psapi

gdi32

kernel32

user32

crypt32

winspool.drv

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 64KB - Virtual size: 64KB

.crt0 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 64KB - Virtual size: 64KB

.crt0
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB