524b56e7842ac0a2e3257f4d8001d52227face5bc37b728046027db28c3a1ff5

Sharing

Copy URL Twitter E-mail

General

Target

524b56e7842ac0a2e3257f4d8001d52227face5bc37b728046027db28c3a1ff5
Size

6.6MB
MD5

2c8ac1e4261d6c01ade5c31d1937355f
SHA1

f632648ced5583e33f4ce325fb4170b261a31743
SHA256

524b56e7842ac0a2e3257f4d8001d52227face5bc37b728046027db28c3a1ff5
SHA512

1d386d50e44b8e56298f2b8c2b9857c828f895b1493bc7e4ec99f2ae9d04f0bde9413dc7c188c5274b15447c89cb0a69ec71878ad125438395e0dc745806315f
SSDEEP

98304:1CwP4HKkIf8+pX13sCDwAiMz9jcEruwY7/CwP4HKkIf8+pX13sCDwAiMz9jcEruB:EwAQ18fAikJcMPwAQ18fAikJcM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
524b56e7842ac0a2e3257f4d8001d52227face5bc37b728046027db28c3a1ff5

Files

524b56e7842ac0a2e3257f4d8001d52227face5bc37b728046027db28c3a1ff5
.dll windows:5 windows x86

4fe64a5ee2abdd49b330727c4253b956

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext

user32

wsprintfA
MessageBoxA

kernel32

SetStdHandle
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameW
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcpyA
FreeLibrary
ExitProcess
DisableThreadLibraryCalls
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
Sleep
HeapSize
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
HeapReAlloc
LoadLibraryW
WriteFile
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
IsProcessorFeaturePresent
WriteConsoleW

Exports

Exports

Initialize
SetServer
SetUploadFileFilter

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fe64a5ee2abdd49b330727c4253b956

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 21KB - Virtual size: 21KB