6aa3100d9a560c9e3482ca340086285423f2ff95266f4653a999d1991071609a

Sharing

Copy URL Twitter E-mail

General

Target

6aa3100d9a560c9e3482ca340086285423f2ff95266f4653a999d1991071609a
Size

46KB
MD5

207513662fe8271bb1f8d58351de6814
SHA1

232607bc4e3172fb677777af74df7e77e2990b2e
SHA256

6aa3100d9a560c9e3482ca340086285423f2ff95266f4653a999d1991071609a
SHA512

f3e1af8578e7c19915052e508057dadd9d5e89edad003b6f496bce8974fd81e09496db7b29d1419fb9ed7fe1460a66e0d1c08613cbfe1631498bba58bc1fd99e
SSDEEP

768:IKQQE+kTgNoqNxg83XZN5tXWRDhE2r8iB4E7wBtaOWS3BJitif3k5S/tYZfZ/F/I:hQkEmaOf3BJi8f3MXZRj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6aa3100d9a560c9e3482ca340086285423f2ff95266f4653a999d1991071609a

Files

6aa3100d9a560c9e3482ca340086285423f2ff95266f4653a999d1991071609a
.dll windows:6 windows x64

d0308060abd511b6cb402b8abeb991c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

EnableWindow
ShowWindow
SetWindowLongPtrW
SetDlgItemTextW
SendMessageW
SendDlgItemMessageW
RegisterClipboardFormatW
LoadStringW
IsDlgButtonChecked
GetWindowLongPtrW
GetParent
GetDlgItem
EnumDisplayDevicesW
CheckDlgButton

comctl32

CreatePropertySheetPageW

ole32

ReleaseStgMedium

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Child
CM_Get_Sibling
CM_Locate_DevNodeW

msvcrt

memcmp
memcpy
memset
wcscat
wcscmp
wcscpy
wcslen
_snwprintf
_amsg_exit
_initterm
free

kernel32

GetProcAddress
TlsGetValue
LeaveCriticalSection
InitializeCriticalSection
GetLastError
EnterCriticalSection
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
DeleteCriticalSection
GlobalUnlock
LocalFree
LocalAlloc
LoadLibraryW
HeapFree
HeapAlloc
FreeLibrary
GlobalLock
GetProcessHeap

ntdll

DbgPrint

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0308060abd511b6cb402b8abeb991c5

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

ole32

setupapi

msvcrt

kernel32

ntdll

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 284B

.pdata Size: 1024B - Virtual size: 588B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 60B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 284B

.pdata
Size: 1024B - Virtual size: 588B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 60B