9825dc0a57c99b5b6daf7b3fac08c0207b507370bc422f19dc7a856c2b306ed3

Sharing

Copy URL Twitter E-mail

General

Target

9825dc0a57c99b5b6daf7b3fac08c0207b507370bc422f19dc7a856c2b306ed3
Size

4.5MB
MD5

f99c5cd3e33f267043fb9dc81e29c1e4
SHA1

0018626bbcd0cc351b26bc445fe074b46b41927e
SHA256

9825dc0a57c99b5b6daf7b3fac08c0207b507370bc422f19dc7a856c2b306ed3
SHA512

45da727ca5351be991b93db57f383574ae399ba6b4671c909d711b8c54a99d6ebb490214a8ab7ef6f936879ec61b4535dfc385c54bd42f372c27c7a49269259b
SSDEEP

98304:n2lym/FihoOq/+1a/zJmRFKfjkuzSi7+MzQglt/7cwljms:n0yGSof/+1u3osSi7+MEgbj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9825dc0a57c99b5b6daf7b3fac08c0207b507370bc422f19dc7a856c2b306ed3

Files

9825dc0a57c99b5b6daf7b3fac08c0207b507370bc422f19dc7a856c2b306ed3
.dll windows:4 windows x86

ada39553c94008718a90ef7a1d391499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
LCMapStringA
SetFileAttributesA
DeleteFileA
GetFileSize
ReadFile
GetStartupInfoA
CreateProcessA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
TerminateThread
Process32Next
Process32First
GlobalFree
GlobalUnlock
GlobalLock
SetFilePointer
GetLastError
GetTempPathA
GetWindowsDirectoryA
WaitForSingleObject
GetSystemDirectoryA
lstrlenA
GlobalAlloc
SetLastError
GetTimeZoneInformation
GetVersion
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
GetACP
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringW
SetUnhandledExceptionFilter
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
WriteFile
GetModuleFileNameA
Sleep
IsBadReadPtr
HeapReAlloc
VirtualProtectEx
GetCurrentDirectoryA
ExitProcess
GetModuleHandleA
ReadProcessMemory
GetCurrentProcessId
Module32Next
Module32First
QueryDosDeviceA
GetLogicalDriveStringsA
lstrcpyn
IsWow64Process
GetSystemInfo
GetVersionExA
WideCharToMultiByte
lstrlenW
QueryDosDeviceW
SetWaitableTimer
CreateWaitableTimerA
TerminateProcess
IsBadStringPtrA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatA
MultiByteToWideChar
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameA
DeviceIoControl
lstrcpynA
CreateFileA
FreeLibrary
WriteProcessMemory
CreateThread
RtlMoveMemory
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
VirtualQueryEx
CloseHandle
LocalFree
LocalAlloc
OpenProcess
lstrcpyA
GetCurrentProcess

ws2_32

gethostbyname
recv
WSAGetLastError
ioctlsocket
inet_ntoa
WSACleanup
WSAStartup
socket
closesocket
select
__WSAFDIsSet
htons
send
inet_addr
connect
shutdown

user32

SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
MsgWaitForMultipleObjects
GetCapture
GetMenuState
ExitWindowsEx
GetSystemMetrics
EnumDisplaySettingsA
GetDC
ReleaseDC
MessageBoxA
wsprintfA
DispatchMessageA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
SetWindowTextA
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
EnableWindow
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
GetWindowTextA
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
SystemParametersInfoA
GetClassNameA
SendMessageA
GetWindowRect
TranslateMessage
GetMenuItemCount
GetDlgCtrlID
UnregisterClassA
GetMessageA
PeekMessageA
DestroyWindow
UnhookWindowsHookEx
GrayStringA
DrawTextA
GetMenuCheckMarkDimensions
TabbedTextOutA
LoadBitmapA
ClientToScreen

iphlpapi

SendARP

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject
ScaleWindowExtEx
CreateBitmap
SaveDC
RestoreDC
SetBkColor

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CLSIDFromString
IIDFromString
CoInitializeSecurity
CoUninitialize

psapi

GetProcessImageFileNameW
GetModuleFileNameExA
GetProcessImageFileNameA

oleaut32

VariantCopy
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantTimeToSystemTime

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

rasapi32

RasHangUpA
RasGetConnectStatusA

msvcrt

__dllonexit

Exports

Exports

DllCanUnloadNow_m
DllGetClassObject_m
DllRegisterServer_m
DllUnregisterServer_m
OleCreateFontIndirect_m
OleCreatePictureIndirect_m
OleCreatePropertyFrameIndirect_m
OleCreatePropertyFrame_m
OleIconToCursor_m
OleLoadPicture_m
OleTranslateColor_m

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ada39553c94008718a90ef7a1d391499

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

iphlpapi

gdi32

advapi32

ole32

psapi

oleaut32

winspool.drv

shell32

comctl32

wininet

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.sedata Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.sedata
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB