3c1f06c13896c890a786b3e0f5d31451e8923d364ecd1d8c01a8224193022e0c

Sharing

Copy URL Twitter E-mail

General

Target

3c1f06c13896c890a786b3e0f5d31451e8923d364ecd1d8c01a8224193022e0c
Size

1.7MB
MD5

cd126ded2e2455c050cafab1a60ecb65
SHA1

366ef12ef48690149a53984af2c3a9ad87cbe423
SHA256

3c1f06c13896c890a786b3e0f5d31451e8923d364ecd1d8c01a8224193022e0c
SHA512

8ad2886f44c016301379c10becc328c604eae0ed22f1311e84b114625a42dcae1f33a003cf2bccf82ff7355b62eb9ca0f18104b2056b136dc924fca79eb56239
SSDEEP

24576:elbpGAGfFEELTvwcThgulW6bZ9KS8qP0vUiZSCrV30aWZE2+yur2:ehpGAMxuulW6NES8q1CrVcwr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1f06c13896c890a786b3e0f5d31451e8923d364ecd1d8c01a8224193022e0c

Files

3c1f06c13896c890a786b3e0f5d31451e8923d364ecd1d8c01a8224193022e0c
.dll windows:5 windows x86

f65396bdc37f3df67cc4e8cade2059c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
closesocket
gethostbyname
ntohs
socket
htons
htonl
WSAGetLastError
__WSAFDIsSet
select
inet_addr
setsockopt
send
connect
inet_ntoa
recv
ioctlsocket
WSAStartup
ntohl

kernel32

FreeResource
lstrcmpiW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
GetACP
FormatMessageW
WriteFile
GetExitCodeProcess
GetExitCodeThread
GetModuleHandleExW
GetSystemDirectoryW
InterlockedCompareExchange
InterlockedExchange
Sleep
DeviceIoControl
InterlockedIncrement
GlobalAlloc
GlobalFree
SetFilePointer
GetCPInfo
GetPrivateProfileStringW
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
CopyFileW
SetDllDirectoryW
TerminateThread
DuplicateHandle
GetWindowsDirectoryW
SetLastError
InterlockedDecrement
GetSystemPowerStatus
GetSystemDefaultLangID
GetSystemInfo
VirtualQuery
TlsSetValue
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetTickCount
TlsGetValue
TlsFree
CreateIoCompletionPort
IsDebuggerPresent
ExpandEnvironmentStringsA
SetEndOfFile
ReadFile
ResetEvent
IsBadReadPtr
MulDiv
GlobalLock
GlobalUnlock
GlobalReAlloc
GetFileSizeEx
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
WritePrivateProfileStringA
GetPrivateProfileStringA
CopyFileA
GetModuleFileNameA
GetFileAttributesExA
GetPrivateProfileIntA
FindClose
CreateFileW
GetTempFileNameW
GetTempPathW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
LoadLibraryExW
SetEvent
TlsAlloc
GetFileSize
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetFileType
GetDriveTypeW
WideCharToMultiByte
FreeLibrary
FindResourceW
LoadResource
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetConsoleMode
FindResourceExW
LoadLibraryW
Process32FirstW
LockResource
GetDiskFreeSpaceExW
Process32NextW
CreateToolhelp32Snapshot
GetVersionExW
GetFileAttributesW
ExpandEnvironmentStringsW
SizeofResource
CreateDirectoryW
WaitForSingleObject
CreateMutexW
DeleteFileW
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapSize
HeapDestroy
GetCommandLineW
lstrcpynW
DeleteCriticalSection
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
WaitForMultipleObjects
CreateProcessW
OpenProcess
CreateEventW
LeaveCriticalSection
EnterCriticalSection
HeapFree
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
GetProcessHeap
HeapAlloc
GetModuleFileNameW
MultiByteToWideChar
ReadConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
CreateFileA

user32

SetCursor
EqualRect
CopyRect
GetKeyState
GetCapture
SetCapture
IntersectRect
OffsetRect
PtInRect
UpdateWindow
GetMenuState
EndPaint
CreateCaret
HideCaret
ShowCaret
SetCaretPos
SetFocus
WindowFromPoint
GetClassNameW
GetSystemMetrics
SetTimer
ScreenToClient
KillTimer
PostQuitMessage
IsWindow
EnableWindow
SetWindowPos
GetClassLongW
SetClassLongW
GetSystemMenu
GetActiveWindow
SetWindowRgn
IsZoomed
SystemParametersInfoW
GetParent
GetWindow
MapWindowPoints
GetCursorPos
GetCaretPos
IsRectEmpty
CallNextHookEx
GetClassInfoW
SetWindowsHookExW
UnhookWindowsHookEx
RegisterWindowMessageW
UnionRect
InvalidateRect
BeginPaint
UpdateLayeredWindow
GetQueueStatus
FindWindowExW
DrawTextW
DrawIconEx
GetWindowTextW
GetSysColor
FillRect
ClientToScreen
GetWindowRect
InflateRect
ReleaseDC
GetDC
GetClientRect
ReleaseCapture
ShowWindow
wsprintfW
IsWindowVisible
SetWindowTextW
GetMessageW
SendMessageW
LoadIconW
SetRect
PostMessageW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
SendMessageTimeoutW
FindWindowW
TranslateMessage
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
MessageBoxW
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
UnregisterClassW
WaitMessage

gdi32

GetTextExtentPoint32W
CombineRgn
ExtCreateRegion
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetTextMetricsW
SetTextColor
CreateSolidBrush
CreateDIBSection
GetStockObject
SetBkMode
CreatePen
ExcludeClipRect
GetObjectW
GetDeviceCaps
Rectangle
CreateRectRgn
CreateFontIndirectW

advapi32

RegQueryValueExW
QueryServiceStatus
OpenServiceW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
StartServiceW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
OpenSCManagerW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
GetUserNameW
CloseServiceHandle

shell32

ShellExecuteW
ord165
SHGetFolderPathW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString

shlwapi

PathFindExtensionW
SHGetValueW
PathRemoveBackslashW
PathMatchSpecW
PathCombineW
SHSetValueW
PathRemoveFileSpecW
PathAppendW
PathRemoveExtensionW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathQuoteSpacesW
PathRenameExtensionW

psapi

GetModuleFileNameExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

imm32

ImmReleaseContext
ImmGetDefaultIMEWnd

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipGraphicsClear
GdipSetWorldTransform
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetGetConnectedState
HttpQueryInfoW
InternetOpenW

netapi32

Netbios

Exports

Exports

DownloaderHelper
EntryPoint
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_Initialize
TxDl_IsDownloading
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
Txdl_GetVersion

Sections

.text
Size: 780KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f65396bdc37f3df67cc4e8cade2059c8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

comctl32

msimg32

imm32

gdiplus

wininet

netapi32

Exports

Exports

Sections

.text Size: 780KB - Virtual size: 779KB

.rdata Size: 277KB - Virtual size: 277KB

.data Size: 14KB - Virtual size: 22KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 588KB - Virtual size: 588KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 780KB - Virtual size: 779KB

.rdata
Size: 277KB - Virtual size: 277KB

.data
Size: 14KB - Virtual size: 22KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 588KB - Virtual size: 588KB

.reloc
Size: 38KB - Virtual size: 37KB