14b61b00e987e79e995f9b1e847a51b10894f36df8cc171be4b3d738718e0b79

Sharing

Copy URL Twitter E-mail

General

Target

14b61b00e987e79e995f9b1e847a51b10894f36df8cc171be4b3d738718e0b79
Size

4.2MB
MD5

078fff73602634789b963fc2f370b208
SHA1

0525e6bcbd4ca1dc1ebee161ccb3ff7793833cda
SHA256

14b61b00e987e79e995f9b1e847a51b10894f36df8cc171be4b3d738718e0b79
SHA512

15af5268c2855d65798eea639bb66c219d760ed3f3007f0150a31e8ce7eab2877d92432c660c4223990240b9a1f3a7916125ef5db255f00c3971acdedae6e1fd
SSDEEP

98304:5U/pydKSlV5R9iux+K69/1wI/27yOB+PrZ905S53MYpVpZ:5U3873A/so90wNTpZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14b61b00e987e79e995f9b1e847a51b10894f36df8cc171be4b3d738718e0b79

Files

14b61b00e987e79e995f9b1e847a51b10894f36df8cc171be4b3d738718e0b79
.dll windows:6 windows x86

941150dca7e2025002eba7389522ec6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlInitUnicodeString
NtWriteVirtualMemory
RtlCopyUnicodeString
NtQueryInformationProcess
NtQuerySystemInformation
RtlCompareUnicodeString
RtlGetCallersAddress
RtlPrefixUnicodeString
RtlUnwind

rpcrt4

RpcBindingFromStringBindingW
NdrClientCall2
RpcMgmtIsServerListening
RpcStringBindingComposeW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetTimeZoneInformation
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
SuspendThread
ResumeThread
GetLastError
GetCurrentThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
SetLastError
CreateDirectoryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
Sleep
CloseHandle
K32GetModuleInformation
CreateThread
VirtualProtectEx
GetCurrentProcessId
IsBadReadPtr
GetLocalTime
GetTickCount
WaitForSingleObject
SetEvent
TerminateThread
GetUserDefaultLangID
GetModuleFileNameW
CreateFileW
GetFileTime
CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileIntW
GetEnvironmentVariableW
GetFileAttributesW
GetPrivateProfileStringW
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
OutputDebugStringA
LoadLibraryW
ReadProcessMemory
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryDosDeviceW
SetFilePointer
SetEndOfFile
OpenEventW
CreateTimerQueue
DeleteFileW
CreateEventA
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
K32GetModuleFileNameExW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
FindClose
ReadConsoleW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
GetStdHandle
HeapReAlloc
FreeLibraryAndExitThread
ExitThread
GetLogicalProcessorInformation
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
ReadFile
MoveFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ChangeTimerQueueTimer
GetFileType
GetDriveTypeW
GetFileAttributesExW
GetACP
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
LoadLibraryExW
GetThreadSelectorEntry
OutputDebugStringW
GetSystemInfo
GetThreadPriority
SignalObjectAndWait
SwitchToThread
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
HeapSize
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
SetThreadPriority
OpenThread
GetLogicalDriveStringsW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
CreateTimerQueueTimer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DeleteCriticalSection
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetVersionExW

user32

EnableWindow
BlockInput
SendMessageA
SendMessageW
CallNextHookEx
DispatchMessageW
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
PeekMessageA
OemKeyScan
PostMessageW
FindWindowExW
GetKeyState
ClipCursor
ShowCursor
MapVirtualKeyW
GetParent
IsWindow
wvsprintfW
SetFocus
mouse_event
FindWindowA
IsIconic
GetWindowLongW
GetWindowThreadProcessId
CallWindowProcW
GetWindowRect
GetDC
IsWindowVisible
SetWindowPos
GetClassNameA
ShowWindow
GetWindowTextA
AttachThreadInput
GetForegroundWindow
EnumWindows
BringWindowToTop
FindWindowW
SetWindowLongW
GetDesktopWindow
SetForegroundWindow
SetCursorPos
ReleaseDC
wsprintfW
GetClassNameW
DefWindowProcW
keybd_event
GetCursorPos
GetWindow

gdi32

GetDeviceCaps
GetPixel
DeleteDC

advapi32

RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteA

imm32

ImmAssociateContext

shlwapi

PathAddBackslashW
PathRemoveFileSpecW

Sections

.text
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DLLShare
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xb0
Size: 948KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xb1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

941150dca7e2025002eba7389522ec6b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

rpcrt4

version

kernel32

user32

gdi32

advapi32

shell32

imm32

shlwapi

Sections

.text Size: 732KB - Virtual size: 732KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 224KB - Virtual size: 224KB

.tls Size: 4KB - Virtual size: 4KB

.gfids Size: 4KB - Virtual size: 4KB

DLLShare Size: 4KB - Virtual size: 4KB

.xb0 Size: 948KB - Virtual size: 948KB

.xb1 Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 10KB - Virtual size: 10KB

.text
Size: 732KB - Virtual size: 732KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 224KB - Virtual size: 224KB

.tls
Size: 4KB - Virtual size: 4KB

.gfids
Size: 4KB - Virtual size: 4KB

DLLShare
Size: 4KB - Virtual size: 4KB

.xb0
Size: 948KB - Virtual size: 948KB

.xb1
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 10KB - Virtual size: 10KB