c45446c6342eb94dfeadce85e45a710f0c12d6d9c7f2fb55fc7b2535ef59c886

Sharing

Copy URL Twitter E-mail

General

Target

c45446c6342eb94dfeadce85e45a710f0c12d6d9c7f2fb55fc7b2535ef59c886
Size

1.1MB
MD5

b296e88d305e927e3a939450443b48e5
SHA1

4faf131d81d82b9d034d9ef42e0271ff204cfc15
SHA256

c45446c6342eb94dfeadce85e45a710f0c12d6d9c7f2fb55fc7b2535ef59c886
SHA512

5363aa4f6e58f09e8b940ab1e10227546acc4b09ead1cfacd9feeb1128a7e6fe0423fce4bcdd3feac5e51428bf2875e7ec0f09345ce52a12c287111fb4527bfa
SSDEEP

24576:rEJBzt1B58u31fc53n6M/oNyijFZuI5E3o9PS3myXdIBX:kr1D8uFex/2VadWX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c45446c6342eb94dfeadce85e45a710f0c12d6d9c7f2fb55fc7b2535ef59c886

Files

c45446c6342eb94dfeadce85e45a710f0c12d6d9c7f2fb55fc7b2535ef59c886
.dll windows:5 windows x86

57a06813f42e550aaae6907bfab86222

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
LocalAlloc
LocalFree
CreateFileW
DeviceIoControl
WriteFile
CreateHardLinkW
DeleteFileW
QueryPerformanceCounter
GetTickCount
CreateDirectoryW
LoadLibraryW
GetProcessId
VirtualAllocEx
WriteProcessMemory
VirtualQuery
ProcessIdToSessionId
TerminateProcess
GetCurrentThreadId
LoadLibraryA
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LockResource
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SizeofResource
WaitForSingleObject
CreateThread
Sleep
ExitProcess
GetModuleFileNameW
SetUnhandledExceptionFilter
MultiByteToWideChar
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
GetCurrentProcess
OpenMutexW
GetLastError
CreateMutexW
FlushFileBuffers
SetStdHandle
HeapCreate
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
Process32NextW
Process32FirstW
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
CreateToolhelp32Snapshot
GetModuleHandleW
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetProcAddress
OpenProcess
CloseHandle
ReadFile
SetFilePointer
GetSystemInfo
GetModuleHandleA
VirtualFree
TerminateThread
VirtualAlloc
CreateRemoteThread
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GlobalAlloc
GlobalFree
CreateFileA

user32

GetThreadDesktop
wsprintfW
FindWindowW
OpenDesktopW
SetThreadDesktop
FindWindowExW
GetWindowThreadProcessId

advapi32

GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenSCManagerW
CreateServiceW
StartServiceW
CloseServiceHandle
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken

shlwapi

PathFileExistsW
StrCmpIW

psapi

GetModuleFileNameExW

fwpuclnt

FwpmFilterEnum0
FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterCreateEnumHandle0
FwpmFilterDestroyEnumHandle0
FwpmFilterDeleteById0
FwpmFreeMemory0

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
InternetSetOptionA
HttpOpenRequestW
InternetConnectW
InternetOpenW

dnsapi

DnsFree
DnsQuery_W

ws2_32

inet_addr
inet_ntoa
ntohl
htonl

iphlpapi

SendARP
GetIpNetTable
GetAdaptersInfo

Exports

Exports

DllEntry
Init
ServiceMain

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 958KB - Virtual size: 966KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57a06813f42e550aaae6907bfab86222

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

psapi

fwpuclnt

version

crypt32

wininet

dnsapi

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 958KB - Virtual size: 966KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 958KB - Virtual size: 966KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 13KB - Virtual size: 13KB