b228c3ceb69cff5e3545ef60616bf92c206b67769458189d5da4cfe7defe33ec

Sharing

Copy URL Twitter E-mail

General

Target

b228c3ceb69cff5e3545ef60616bf92c206b67769458189d5da4cfe7defe33ec
Size

548KB
MD5

17444c85617f7467cb02b3ce9471c2d2
SHA1

cf1807bbeabb15eb945f56fc8c7b59ffa8aefe2b
SHA256

b228c3ceb69cff5e3545ef60616bf92c206b67769458189d5da4cfe7defe33ec
SHA512

f756e77f6d4255b978ed20dbefad6e671d1ffe4803028728ce5fe57254efbc21896c593a9c59fdbf45548fbbaf53c663c6fade02c8c1c255311ed22bbe854d80
SSDEEP

12288:Edq+KQrkmwabEnji3tO5Kytj8oW46NLgSonZ:Si9atO5p46Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b228c3ceb69cff5e3545ef60616bf92c206b67769458189d5da4cfe7defe33ec

Files

b228c3ceb69cff5e3545ef60616bf92c206b67769458189d5da4cfe7defe33ec
.dll windows:6 windows x64

6a142670cbadc653ef14fabb3eca6ccc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetCurrentThread
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
LoadResource
SizeofResource
GlobalAlloc
GlobalFree
CreateFileMappingA
FindResourceA
WaitForSingleObject
GetLastError
GetExitCodeThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
SetStdHandle
OutputDebugStringA
GetTempPathA
WriteFile
CreateFileA
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
CreateRemoteThread
CloseHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LocalFree
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
FormatMessageW
InitializeSListHead
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose

advapi32

FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
ImpersonateSelf
OpenThreadToken
CheckTokenMembership
AllocateAndInitializeSid

iphlpapi

GetAdaptersInfo

ws2_32

closesocket
recv
htons
send
setsockopt
socket
gethostbyname
WSACleanup
WSAStartup
connect

Exports

Exports

WK2k31nK9New1

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a142670cbadc653ef14fabb3eca6ccc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 327KB - Virtual size: 327KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 8KB - Virtual size: 14KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 327KB - Virtual size: 327KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 4KB - Virtual size: 3KB