324bffe7dfb911f0018bbb91f27b15fcfd20c0613ca4941b8461e7184e0a7a39

Sharing

Copy URL Twitter E-mail

General

Target

324bffe7dfb911f0018bbb91f27b15fcfd20c0613ca4941b8461e7184e0a7a39
Size

4.5MB
MD5

e85f9b91470804c445fadddcf2001b87
SHA1

463ea22d44d3fc3b03c5540b92c4789f59766aca
SHA256

324bffe7dfb911f0018bbb91f27b15fcfd20c0613ca4941b8461e7184e0a7a39
SHA512

30f5a8956e413bab31d68e761471246fd00e2b9f10cd243c4e31f8fe7db5c7de0764cefe70e52126093f878570eee57fa3fdb06f1fe8cae158a5a451fa1a345e
SSDEEP

49152:mxVthBriI282pN6+6eW4G/7mmIANWpQxxKp+RO4wd7ZjDiTBqtl4aGRV+j6CLSF4:ariI2Xfifns5MQfpvyFrUgBhb3IbV3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
324bffe7dfb911f0018bbb91f27b15fcfd20c0613ca4941b8461e7184e0a7a39

Files

324bffe7dfb911f0018bbb91f27b15fcfd20c0613ca4941b8461e7184e0a7a39
.dll windows:6 windows x64

c57755e5a2be7f515efd6f49f108a615

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrClientCall2
RpcStringBindingComposeW
RpcMgmtIsServerListening
RpcBindingFromStringBindingW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ntdll

RtlVirtualUnwind
RtlInitUnicodeString
RtlCompareUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
FindClose
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
SuspendThread
ResumeThread
GetLastError
GetCurrentThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
SetLastError
CreateDirectoryW
OutputDebugStringA
CloseHandle
CreateThread
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetPrivateProfileIntW
FreeEnvironmentStringsW
GetModuleHandleA
GetPrivateProfileStringW
WritePrivateProfileStringA
GetUserDefaultLangID
CreateFileW
GetFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
WriteFile
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
SetEndOfFile
GetEnvironmentVariableW
HeapReAlloc
GetOEMCP
IsValidCodePage
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
InterlockedFlushSList
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetACP
ExitProcess
GetModuleHandleExW
ReadFile
GetModuleFileNameA
HeapFree
HeapAlloc
CompareStringW
LCMapStringW

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

shlwapi

PathRemoveFileSpecW
PathAddBackslashW

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xb0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xb1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c57755e5a2be7f515efd6f49f108a615

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

version

ntdll

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 264KB - Virtual size: 264KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 68KB - Virtual size: 68KB

.pdata Size: 16KB - Virtual size: 16KB

.gfids Size: 4KB - Virtual size: 4KB

.xb0 Size: 1.3MB - Virtual size: 1.3MB

.xb1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 6KB - Virtual size: 6KB

.text
Size: 264KB - Virtual size: 264KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 68KB - Virtual size: 68KB

.pdata
Size: 16KB - Virtual size: 16KB

.gfids
Size: 4KB - Virtual size: 4KB

.xb0
Size: 1.3MB - Virtual size: 1.3MB

.xb1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 6KB - Virtual size: 6KB