fd9a263ff67296719d2537339082a222b9957ce993cf71acf2df512da8a8530e

Sharing

Copy URL

Twitter E-mail

General

Target

fd9a263ff67296719d2537339082a222b9957ce993cf71acf2df512da8a8530e
Size

5.2MB
MD5

979d26433dfc0c812e59750d7c5f14c0
SHA1

48512e48a875dcff9e14802daa70bfa4be08ac5d
SHA256

fd9a263ff67296719d2537339082a222b9957ce993cf71acf2df512da8a8530e
SHA512

25588cb004739a7b117fdbce14f098967affed656d7d72742de13c1cf041d5036069a9921270b978e9bce11ae556e3c3c7091958f404db87a67e27655a76a09b
SSDEEP

98304:wBN7s0E5nmbM6Ucqb6OXc5CGTMOY/N+1sDigUriK1cktGehkZ:wBKVJb6OM5eD3qcDehw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd9a263ff67296719d2537339082a222b9957ce993cf71acf2df512da8a8530e

Files

fd9a263ff67296719d2537339082a222b9957ce993cf71acf2df512da8a8530e
.dll windows:5 windows x86

fbad5124b5a61205ae91c52607f537e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetTickCount
LoadLibraryExA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
MultiByteToWideChar
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DosDateTimeToFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetProcAddress
InterlockedDecrement
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
LoadLibraryA
FormatMessageW
FreeLibrary
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
CreateProcessW
CreateThread
OutputDebugStringA
DeleteCriticalSection
DecodePointer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetACP
SetConsoleCtrlHandler
RaiseException
GetLastError
Sleep
InitializeCriticalSectionAndSpinCount
TerminateThread
SetFilePointer
CreateFileW
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleFileNameA
ExitProcess
ExitThread
GetTimeZoneInformation
MoveFileExW
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
ResetEvent
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
SetEvent
ReplaceFileA
MoveFileA
FindNextFileA
FindFirstFileA
GetFileAttributesExA
RemoveDirectoryA
CreateDirectoryA
GetLocalTime
SetFilePointerEx
GetFileSizeEx
FindNextFileW
FindFirstFileW
EncodePointer
GetStringTypeW
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SleepEx
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
FindClose

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

advapi32

ReportEventW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegCloseKey
GetLengthSid
CryptGetProvParam
CryptSetHashParam
DeregisterEventSource
RegisterEventSourceW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey

shell32

ShellExecuteExW

ole32

CoCreateGuid

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

wldap32

ord22
ord301
ord211
ord46
ord26
ord27
ord200
ord79
ord33
ord41
ord60
ord143
ord50
ord32
ord35
ord30

shlwapi

StrStrIA

ws2_32

accept
listen
freeaddrinfo
ioctlsocket
shutdown
getnameinfo
gethostname
closesocket
recvfrom
sendto
socket
WSAStartup
WSACleanup
getaddrinfo
WSAGetLastError
recv
send
htons
getsockopt
connect
ntohs
getsockname
getpeername
WSASetLastError
WSAIoctl
bind
select
__WSAFDIsSet
setsockopt

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 849KB - Virtual size: 849KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbad5124b5a61205ae91c52607f537e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

wldap32

shlwapi

ws2_32

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 849KB - Virtual size: 849KB

.data Size: 49KB - Virtual size: 70KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 157KB - Virtual size: 157KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 849KB - Virtual size: 849KB

.data
Size: 49KB - Virtual size: 70KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 157KB - Virtual size: 157KB