e0d01814703a7c52aee4f93b001104bd4979540da5dde0b144fabb963ac35199

Sharing

Copy URL Twitter E-mail

General

Target

e0d01814703a7c52aee4f93b001104bd4979540da5dde0b144fabb963ac35199
Size

738KB
MD5

0f34792753739c72ae504548c0673add
SHA1

2408408b7eb37525d3b920e86918739f9fd8fc31
SHA256

e0d01814703a7c52aee4f93b001104bd4979540da5dde0b144fabb963ac35199
SHA512

869e591db5957a0268433adfe3f1bdef80bdfbdb539467b5b5d4559e847e16eee2e38be8866710e9fdcffd1b07eae74b14ff699ce8522b639b310958dd18b95f
SSDEEP

12288:soawhtyybAsLAk4uwXH3XEL0r2xN1Akq88pKJJFXh8x3Z6+vozdCORlIb:s8Es8k3OH3C0rQ6+8pKJJFo3Q+qdCO7I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0d01814703a7c52aee4f93b001104bd4979540da5dde0b144fabb963ac35199

Files

e0d01814703a7c52aee4f93b001104bd4979540da5dde0b144fabb963ac35199
.dll windows:5 windows x86

6b0c751615ac53490e2add17eb4f7df6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WriteFile
SetLastError
CreateProcessW
GetCurrentProcess
WaitForSingleObject
QueryFullProcessImageNameW
LoadLibraryW
DuplicateHandle
GetComputerNameA
FreeResource
FindResourceW
LoadResource
SetEvent
GetTickCount
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
CreateFileW
FlushFileBuffers
EnterCriticalSection
LockResource
CreateEventW
DeleteCriticalSection
CreateThread
HeapAlloc
GetProcAddress
GetProcessHeap
GetFileAttributesW
TlsFree
TlsSetValue
InterlockedDecrement
LocalFree
SetEndOfFile
OutputDebugStringA
TerminateProcess
OutputDebugStringW
GetLastError
Sleep
CreateMutexW
FileTimeToLocalFileTime
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
lstrlenW
WideCharToMultiByte
HeapFree
GetModuleHandleW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
IsDebuggerPresent
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
ReadFile
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
HeapSize
Process32FirstW
GlobalFree
FileTimeToSystemTime
GlobalAlloc
OpenProcess
TlsGetValue
GetProcessTimes
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
ExitProcess
ExitThread
GetCurrentThreadId
GetCommandLineA
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

user32

EnumWindows
PostMessageW
GetWindowThreadProcessId
SendMessageW
EnumChildWindows

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteExW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
SysAllocString

iphlpapi

SendARP
GetAdaptersInfo
GetAdaptersAddresses

ws2_32

inet_addr

shlwapi

PathFileExistsW
PathFileExistsA
PathRemoveFileSpecW
PathStripPathW

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect

httpapi

HttpInitialize
HttpCreateHttpHandle
HttpTerminate
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpAddUrl

Exports

Exports

EntryPoint
Ext_RunDLL
Start_RunDLL

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b0c751615ac53490e2add17eb4f7df6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

shlwapi

winhttp

httpapi

Exports

Exports

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 15KB - Virtual size: 44KB

.rsrc Size: 267KB - Virtual size: 267KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 15KB - Virtual size: 44KB

.rsrc
Size: 267KB - Virtual size: 267KB

.reloc
Size: 34KB - Virtual size: 33KB