GetModuleObject
Static task
static1
Behavioral task
behavioral1
Sample
6f55245620829c253af79cc1c9c0243904c3cd9b560800d2e4d027c38a328058.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
6f55245620829c253af79cc1c9c0243904c3cd9b560800d2e4d027c38a328058.dll
Resource
win10v2004-20230915-en
General
Target: 6f55245620829c253af79cc1c9c0243904c3cd9b560800d2e4d027c38a328058
Size: 3.9MB
MD5: 755e61853aac5301f09e36198ab95bb4
SHA1: 4010dd478b428cf7fb755e2c218dc5de24b19d53
SHA256: 6f55245620829c253af79cc1c9c0243904c3cd9b560800d2e4d027c38a328058
SHA512: cbd1ca7e4edb4ed60bdadadc7c609b4f70eea6c258d17f51e55f61cb85568a1a32002e172546f60ed8a4f767494a41a38353ef2d61e632c685b8ec912281f22b
SSDEEP: 98304:p5o8tic6+gqCXYh6qt70PsKVaUta/orhv4be76QazQhL/4:p5o8tic6+ggiAgsa6QazQB/4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f55245620829c253af79cc1c9c0243904c3cd9b560800d2e4d027c38a328058
Files
6f55245620829c253af79cc1c9c0243904c3cd9b560800d2e4d027c38a328058.dll windows:6 windows x86
36c34f23a53302e7074f7214a746f2f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
sensapi
IsNetworkAlive
sangfordll
QueryTcpServiceStatus
LogoutSslVpn
QueryL3vpnServiceStatus
ws2_32
WSACreateEvent
WSAGetLastError
WSACloseEvent
inet_addr
htons
WSAStartup
setsockopt
WSACleanup
closesocket
socket
getaddrinfo
freeaddrinfo
inet_ntoa
ioctlsocket
connect
select
__WSAFDIsSet
send
recv
gethostbyname
WSASocketW
sendto
recvfrom
bind
listen
accept
getsockname
gethostbyaddr
crypt32
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
kernel32
UnlockFile
lstrcmpiW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
GlobalGetAtomNameW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
SetEndOfFile
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
GetTempPathW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GetCurrentThread
GetFileSize
FlushFileBuffers
WritePrivateProfileStringW
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
SetFilePointer
LockFile
GetVolumeInformationW
GetCurrentDirectoryW
GetFullPathNameW
GlobalDeleteAtom
GetModuleHandleA
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
lstrcmpA
SuspendThread
SetThreadPriority
MulDiv
GlobalLock
GlobalUnlock
GlobalSize
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
GetPrivateProfileStringW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
TlsFree
SetLastError
GetFileType
GetStdHandle
GetComputerNameA
CreateFileA
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
SetEvent
ResetEvent
CreateEventW
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSectionEx
GetFileTime
CopyFileW
CreateDirectoryW
FindClose
FindFirstFileW
GetLogicalDrives
GetTimeZoneInformation
GetSystemPowerStatus
WriteFile
DuplicateHandle
ReadFile
PeekNamedPipe
CreateProcessW
GetStartupInfoW
CreatePipe
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
LoadLibraryExW
GetComputerNameW
WTSGetActiveConsoleSessionId
CloseHandle
DeviceIoControl
CreateFileW
GlobalFree
GlobalAlloc
DeleteFileW
GetSystemInfo
GetCurrentProcess
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
LocalFree
GetModuleFileNameW
GetModuleHandleW
FindNextFileW
DeleteFileA
MoveFileA
GetLocalTime
GetModuleFileNameA
GetCurrentProcessId
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetTickCount
Sleep
FreeLibrary
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
lstrlenW
GetLastError
MultiByteToWideChar
GetExitCodeThread
ResumeThread
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SizeofResource
GetPrivateProfileIntW
OutputDebugStringW
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedFlushSList
MoveFileExW
GetCommandLineA
GetCommandLineW
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
HeapQueryInformation
VirtualAlloc
VirtualQuery
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
GetConsoleOutputCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GlobalReAlloc
user32
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
SetParent
SetWindowRgn
SetClassLongW
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetComboBoxInfo
LoadImageW
TrackMouseEvent
IntersectRect
DestroyIcon
InvalidateRect
KillTimer
SetTimer
DeleteMenu
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
RealChildWindowFromPoint
GetDesktopWindow
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
IsDialogMessageW
SetWindowTextW
WaitMessage
GetWindowRgn
MoveWindow
ShowWindow
LoadCursorW
GetSysColorBrush
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DestroyCursor
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
DrawTextW
GetSystemMetrics
CharUpperW
GetWindowThreadProcessId
IsWindowEnabled
SetCursor
ShowOwnedPopups
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetParent
GetClassLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
EnableWindow
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
CheckDlgButton
RegisterDeviceNotificationW
UnregisterDeviceNotification
DefWindowProcW
IsWindow
CreateWindowExW
SetWindowLongW
PostMessageW
GetUpdateRect
UnregisterClassW
GetFocus
FindWindowA
SendMessageW
FindWindowW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
RegisterWindowMessageW
GetMessagePos
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
gdi32
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetDIBColorTable
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreateDIBSection
StretchBlt
GetRgnBox
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
Rectangle
GetTextColor
Ellipse
SetPixel
GetTextCharsetInfo
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
OffsetRgn
CreateEllipticRgn
LPtoDP
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
SetPaletteEntries
CreateSolidBrush
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
EnumFontFamiliesW
CopyMetaFileW
CreateDCW
GetDeviceCaps
SetBkColor
SetTextColor
GetObjectW
CreateBitmap
BitBlt
CreateCompatibleDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegEnumValueW
RegQueryValueW
RegEnumKeyW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryInfoKeyW
StartServiceW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
ChangeServiceConfigW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
DragFinish
shlwapi
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
uxtheme
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
GetThemeSysColor
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
IsAppThemed
ole32
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CoDisconnectObject
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoUninitialize
oleaut32
VariantClear
VariantInit
SysAllocStringLen
VariantChangeType
SysStringLen
SysAllocString
VariantCopy
VarBstrFromDate
LoadTypeLi
VarUdateFromDate
SystemTimeToVariantTime
SysFreeString
VariantTimeToSystemTime
iphlpapi
NotifyAddrChange
CancelIPChangeNotify
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
wsock32
WSASetLastError
bcrypt
BCryptGenRandom
gdiplus
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipAlloc
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipCreateBitmapFromHBITMAP
GdipFree
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundW
Exports
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 809KB - Virtual size: 809KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ