cf4175aa870bbf5433644a0c1aad5f532ac849d760967a4e150be8ee83b4aafa

Sharing

Copy URL Twitter E-mail

General

Target

cf4175aa870bbf5433644a0c1aad5f532ac849d760967a4e150be8ee83b4aafa
Size

1.3MB
MD5

dc8938c7d207def6a872684fad9cf6a0
SHA1

4cd1784ca53a2191d304ad3a1fc32e0aebf4e091
SHA256

cf4175aa870bbf5433644a0c1aad5f532ac849d760967a4e150be8ee83b4aafa
SHA512

af42964e0f12f1a2f0db88c94434d4d01255b9affc850955daaafc81ffb7f0880f63be12daf3ceb9a980c4b5cbd1efdf03c78d73b4c3c978cec01f18b4b45cd6
SSDEEP

24576:49JF0kNfcHXTzu8MwGjeNzyP0c1i5zd8Zukwzpow5XlA:45YDzfMwHzycJzd8ZukUlA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf4175aa870bbf5433644a0c1aad5f532ac849d760967a4e150be8ee83b4aafa

Files

cf4175aa870bbf5433644a0c1aad5f532ac849d760967a4e150be8ee83b4aafa
.dll windows:6 windows x64

c8e73cfe3e1b42f0b488e38e320227f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
ReleaseSRWLockShared
AcquireSRWLockShared
QueryPerformanceCounter
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SetFilePointerEx
SetFileInformationByHandle
GetDriveTypeW
GetVolumeInformationW
QueryDosDeviceW
GetCommandLineA
GetOEMCP
GetACP
GetFileAttributesExW
FindFirstFileExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FormatMessageA
FreeResource
LockResource
ConvertDefaultLocale
InitializeCriticalSection
GetSystemWow64DirectoryW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
FreeEnvironmentStringsW
FindClose
CreateEventW
HeapDestroy
CreateWaitableTimerW
FormatMessageW
WideCharToMultiByte
FlushFileBuffers
GetCurrentProcessId
ReplaceFileW
WriteConsoleW
GetFileInformationByHandle
GetConsoleMode
GetModuleHandleA
GetCurrentThreadId
SetEndOfFile
SetFilePointer
DeviceIoControl
WriteFile
GetStdHandle
GetFileInformationByHandleEx
CancelWaitableTimer
SetWaitableTimer
GetTickCount64
ResetEvent
SetEvent
WaitForMultipleObjects
ExpandEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetExitCodeProcess
CreateProcessW
GetCurrentThread
OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentProcess
MoveFileW
CopyFileW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetTempPathW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
ReadFile
CreateDirectoryW
CloseHandle
LocalFree
LocalAlloc
Sleep
GetEnvironmentVariableW
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
MultiByteToWideChar
LeaveCriticalSection
EncodePointer
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
ExitProcess
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
EnterCriticalSection
SizeofResource
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCommandLineW
RtlUnwind

user32

CharNextW

advapi32

RegRestoreKeyW
RegGetValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
RegCloseKey
QueryServiceObjectSecurity
QueryServiceStatusEx
OpenServiceW
InitializeSid
GetSidSubAuthority
InitializeAcl
AddAce
QueryServiceStatus
RegSetKeySecurity
GetLengthSid
LookupAccountSidW
GetAclInformation
GetAce
DeleteAce
BuildTrusteeWithSidW
RegGetKeySecurity
EqualSid
GetSidLengthRequired
InitializeSecurityDescriptor
MakeAbsoluteSD
RegDeleteKeyExW
RegDeleteTreeW
RegEnumValueW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
RevertToSelf
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSecurityDescriptorGroup
SetEntriesInAclW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetNamedSecurityInfoW
GetSecurityDescriptorControl
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
GetSecurityDescriptorOwner
ImpersonateSelf
IsValidSid
FreeSid
CheckTokenMembership
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
GetTokenInformation
RegSaveKeyW
CreateServiceW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
SetServiceObjectSecurity
ControlService
GetServiceKeyNameW
ControlServiceExW
EnumDependentServicesW
GetServiceDisplayNameW
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
RegNotifyChangeKeyValue

ole32

CoTaskMemRealloc
CLSIDFromString
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

shell32

SHGetKnownFolderPath
SHGetFolderPathW

oleaut32

SysFreeString
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen

userenv

UnloadUserProfile

msi

ord78
ord150
ord8

setupapi

SetupDiDestroyDeviceInfoList
InstallHinfSectionW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoW

newdev

UpdateDriverForPlugAndPlayDevicesW

wintrust

CryptCATAdminReleaseContext
CryptCATAdminAddCatalog
CryptCATAdminRemoveCatalog
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

crypt32

CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CryptMsgClose
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CryptMsgGetAndVerifySigner
CryptMsgOpenToDecode
CertNameToStrW
CertEnumCertificatesInStore
CryptMsgUpdate

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 883KB - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8e73cfe3e1b42f0b488e38e320227f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

userenv

msi

setupapi

newdev

wintrust

crypt32

version

Exports

Exports

Sections

.text Size: 883KB - Virtual size: 882KB

.rdata Size: 247KB - Virtual size: 247KB

.data Size: 30KB - Virtual size: 47KB

.pdata Size: 63KB - Virtual size: 62KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 883KB - Virtual size: 882KB

.rdata
Size: 247KB - Virtual size: 247KB

.data
Size: 30KB - Virtual size: 47KB

.pdata
Size: 63KB - Virtual size: 62KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 7KB - Virtual size: 7KB