993fe20cefd41835ca645eb7fa1872cdaf01a4c7698e78bee958cc6d35886b19

Sharing

Copy URL Twitter E-mail

General

Target

993fe20cefd41835ca645eb7fa1872cdaf01a4c7698e78bee958cc6d35886b19
Size

223KB
MD5

285669fc828fdfe316be10747c61693a
SHA1

79e4cd0c13bc73f892965eb976ab85d4a77048ab
SHA256

993fe20cefd41835ca645eb7fa1872cdaf01a4c7698e78bee958cc6d35886b19
SHA512

09ed169b936c95b803ed474f08aa470094aacbad9a3a0f5f3ac2ff1129b1e37373c1dc925e42e61aee6981288289ee08355cdc9e29c133fe1d05cacd26c8d4b8
SSDEEP

3072:yX/8xKKWDjpM6saqCuAqrm4szaSmaMGBRz4dqN8mM2WJHBNJpLxgKD:c/O6D9zPJCrozb99N82WJhNDLxgKD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
993fe20cefd41835ca645eb7fa1872cdaf01a4c7698e78bee958cc6d35886b19

Files

993fe20cefd41835ca645eb7fa1872cdaf01a4c7698e78bee958cc6d35886b19
.dll windows:5 windows x64

8bf92e7ed50c85f69b3052ede17db10f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
CreateProcessA
GetThreadContext
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
GetFullPathNameA
ExpandEnvironmentStringsA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetLogicalDrives
RemoveDirectoryA
CopyFileA
MoveFileA
OpenProcess
GetCurrentProcessId
CreateThread
OpenThread
VirtualAllocEx
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateRemoteThread
SetThreadContext
VirtualProtect
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Wow64GetThreadContext
Wow64SetThreadContext
SetLastError
SetNamedPipeHandleState
PeekNamedPipe
WaitNamedPipeA
CreateEventA
GetCurrentThread
GetModuleFileNameA
GetComputerNameA
TerminateProcess
GetOEMCP
HeapAlloc
HeapFree
GetProcessHeap
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
SetErrorMode
UpdateProcThreadAttribute
DuplicateHandle
ProcessIdToSessionId
Process32First
Process32Next
VirtualQuery
RtlCaptureContext
CreateEventW
GetCurrentThreadId
CreateTimerQueue
CreateTimerQueueTimer
GetModuleHandleW
ExitProcess
ExitThread
GetCurrentProcess
ConnectNamedPipe
ReadFile
MultiByteToWideChar
GetStartupInfoA
GetTickCount
WaitForSingleObject
DisconnectNamedPipe
CreatePipe
GetLastError
CloseHandle
WriteFile
FlushFileBuffers
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetCurrentDirectoryW
GetACP
CreateNamedPipeA
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedFlushSList
GetModuleHandleExW
EnterCriticalSection
GetVersionExA
LeaveCriticalSection

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
LogonUserA
LookupAccountSidA
RevertToSelf
GetTokenInformation
FreeSid
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
GetUserNameA
CreateProcessWithTokenW
CreateProcessWithLogonW
CreateProcessAsUserA
LookupPrivilegeValueA
ImpersonateLoggedOnUser
AdjustTokenPrivileges
OpenThreadToken
ImpersonateNamedPipeClient

iphlpapi

GetAdaptersInfo

netapi32

NetStatisticsGet

ntdll

RtlTimeToSecondsSince1970

wininet

InternetSetStatusCallback
InternetSetOptionA
InternetQueryOptionA
HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
InternetQueryDataAvailable
HttpQueryInfoA

ws2_32

bind
listen
select
htonl
__WSAFDIsSet
WSAGetLastError
shutdown
htons
ntohl
closesocket
WSAStartup
WSACleanup
WSAIoctl
WSASocketA
connect
send
socket
gethostbyname
ntohs
ioctlsocket
recv
accept

msvcrt

strncat_s
_time64
fread
fseek
remove
strncmp
_mkdir
srand
strtok
realloc
clock
strlen
strcmp
calloc
toupper
_callnewh
_initterm
_initterm_e
_putenv
fclose
_errno
__pctype_func
tolower
wcsnlen
strnlen
strtol
wctomb_s
_iob
fgetpos
__CppXcptFilter
__getmainargs
?terminate@@YAXXZ
___lc_codepage_func
_lock
_unlock
_isatty
fflush
_fileno
ceil
log10
_clearfp
rand
atoi
strncpy
malloc
free
__CxxFrameHandler3
_CxxThrowException
memset
memcpy
memcmp
strrchr
__C_specific_handler
strstr
fopen
strcpy_s
memmove

Exports

Exports

DllGetClassObject

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bf92e7ed50c85f69b3052ede17db10f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

iphlpapi

netapi32

ntdll

wininet

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 6KB - Virtual size: 47KB

.pdata Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 372B

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 6KB - Virtual size: 47KB

.pdata
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 372B