38fcb0483c61f991cc472cb866e9cf18dfc1a78adf94edbc563744b179482b72

Sharing

Copy URL Twitter E-mail

General

Target

38fcb0483c61f991cc472cb866e9cf18dfc1a78adf94edbc563744b179482b72
Size

15.6MB
MD5

fa067f2754f3542ec378c0afaa04cac7
SHA1

efe998604f193417312d1fef1bc018990c2c015f
SHA256

38fcb0483c61f991cc472cb866e9cf18dfc1a78adf94edbc563744b179482b72
SHA512

45f5bf640789720d7c620f25c9afbd1170779e7c34d258f73330e67539e6e7ad3e9161c1f57aa04ed1406321561be5d470e84bf1cd698edd1236cafce7e26829
SSDEEP

196608:dHQ02EL0yrHBymR4pC5tgcDAY3unOzesXjtCdVK0dSOlHCXtG9g80n:pQ02mnh1q+t/Dr1zUrL4ln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38fcb0483c61f991cc472cb866e9cf18dfc1a78adf94edbc563744b179482b72

Files

38fcb0483c61f991cc472cb866e9cf18dfc1a78adf94edbc563744b179482b72
.dll windows:6 windows x64

1830430487d560301c99cecde2f40df5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
InitializeCriticalSection
GetCurrentThreadId
FreeResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
GetTickCount
GetUserDefaultLCID
LoadLibraryW
FreeLibrary
ReadFile
SetLastError
GetCommandLineW
FindNextFileW
GetCurrentProcess
GetModuleFileNameW
FindClose
GetFileAttributesW
MultiByteToWideChar
GetLastError
GlobalFlags
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateEventW
SetEvent
ResetEvent
GetLocalTime
GetSystemTimeAsFileTime
GetComputerNameA
DeviceIoControl
CreateFileW
GlobalUnlock
CreateFileA
SetEndOfFile
WriteConsoleW
HeapSize
FlushFileBuffers
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetStdHandle
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GlobalLock
GlobalFree
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
CloseHandle
SuspendThread
TerminateThread
OpenThread
Thread32Next
Thread32First
WideCharToMultiByte
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
MulDiv
OpenProcess
VirtualAlloc
ReadProcessMemory
GetProcAddress
GetModuleHandleW
CreateThread
GetCurrentProcessId
SetWaitableTimer
CreateWaitableTimerW
IsBadReadPtr
DeleteFileW
IsDebuggerPresent
WritePrivateProfileStringW
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringW
ExitProcess
Sleep
WriteFile
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
GetVersion

user32

MsgWaitForMultipleObjects
SetFocus
MessageBoxW
IsWindow
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
FindWindowW
ReleaseDC
GetDC
GetFocus
LoadCursorW
LoadIconW
LoadStringW
GetActiveWindow
LoadImageW
GetDesktopWindow
MessageBoxA
wsprintfW
MonitorFromWindow
WaitForInputIdle
CharUpperBuffW

gdi32

SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

OpenServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA

shell32

SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

comctl32

ImageList_Destroy
ImageList_Create
ImageList_AddMasked

psapi

GetMappedFileNameW

gdiplus

GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromFile

ws2_32

recv
send
WSACleanup
WSAStartup
connect
closesocket
socket
inet_addr
htons

Exports

Exports

DllMain

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.5iH
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dm-
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.({`
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1830430487d560301c99cecde2f40df5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

psapi

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 872KB - Virtual size: 872KB

.rdata Size: 192KB - Virtual size: 192KB

.data Size: 56KB - Virtual size: 56KB

.pdata Size: 24KB - Virtual size: 24KB

_RDATA Size: 4KB - Virtual size: 4KB

.5iH Size: 5.9MB - Virtual size: 5.9MB

.dm- Size: 4KB - Virtual size: 4KB

.({` Size: 8.5MB - Virtual size: 8.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.l1 Size: 15KB - Virtual size: 15KB

.text
Size: 872KB - Virtual size: 872KB

.rdata
Size: 192KB - Virtual size: 192KB

.data
Size: 56KB - Virtual size: 56KB

.pdata
Size: 24KB - Virtual size: 24KB

_RDATA
Size: 4KB - Virtual size: 4KB

.5iH
Size: 5.9MB - Virtual size: 5.9MB

.dm-
Size: 4KB - Virtual size: 4KB

.({`
Size: 8.5MB - Virtual size: 8.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.l1
Size: 15KB - Virtual size: 15KB