78b2f2b961bd6a1e97b8b371be92f2c9dee860a63db4d53db4da19def38a1f5c

Sharing

Copy URL

Twitter E-mail

General

Target

78b2f2b961bd6a1e97b8b371be92f2c9dee860a63db4d53db4da19def38a1f5c
Size

4.2MB
MD5

263a63a0378db825c22e6db186a848d5
SHA1

56327fe7b86f79dd5e8e33936f80f20c52167977
SHA256

78b2f2b961bd6a1e97b8b371be92f2c9dee860a63db4d53db4da19def38a1f5c
SHA512

3b9de2a1ec34407bbed4a106ab35e2fc5f4011b7602bb5a7e61d896ef6d74193d666ffd77475ed042957eea8641f9fa2ecbd50b5d2e2fc1e0a4727a8f9fede2f
SSDEEP

24576:7RGzTas1FmnVccO0w5E7CHVLDeEZjLU9J4EEXFIKoLCHVLDeEZjLU9J4EEXFIKo:7cndbm/74VLD7kJ4L1S4VLD7kJ4L1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78b2f2b961bd6a1e97b8b371be92f2c9dee860a63db4d53db4da19def38a1f5c

Files

78b2f2b961bd6a1e97b8b371be92f2c9dee860a63db4d53db4da19def38a1f5c
.dll windows:6 windows x64

0746f0d973c7e9e3a6f93300a0753373

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FlushInstructionCache
OpenProcess
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
CreateFileW
CreateThread
CreateRemoteThread
GetProcessId
GetVersionExW
MapViewOfFile
VirtualFreeEx
IsWow64Process
LoadLibraryW
lstrlenW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
VerSetConditionMask
GetStdHandle
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathW
SearchPathA
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
QueryDosDeviceW
RemoveDirectoryW
SetFileAttributesW
IsDebuggerPresent
OutputDebugStringA
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
SetThreadContext
GetProcessTimes
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLocalTime
GetTickCount
FindResourceExW
FreeResource
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalAlloc
LocalFree
MulDiv
FormatMessageA
FormatMessageW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynA
lstrcpynW
lstrcpyW
lstrcatW
lstrlenA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileStructW
WritePrivateProfileStructW
QueryDosDeviceA
IsBadReadPtr
IsBadWritePtr
VerifyVersionInfoW
WideCharToMultiByte
IsDBCSLeadByte
SetConsoleTextAttribute
GetConsoleTitleW
SetConsoleTitleW
Process32FirstW
Process32NextW
Thread32First
Thread32Next
GetNativeSystemInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
GetThreadContext
CreateProcessW
CreateProcessA
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GetCurrentThread
GetExitCodeProcess
TerminateProcess
ExitProcess
GetCurrentProcessId
LoadResource
GetCurrentProcess
Sleep
WaitForSingleObject
SetLastError
GetLastError
CloseHandle
OutputDebugStringW
WriteFile
SetFilePointer
GetFileSize
GetEnvironmentVariableW
GetEnvironmentVariableA
DisableThreadLibraryCalls
FindResourceW
SizeofResource
LockResource
CreateMutexW
InitializeSListHead

user32

GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
DrawTextW
IsWindowEnabled
EnableWindow
IsWindowUnicode
MsgWaitForMultipleObjectsEx
GetFocus
GetActiveWindow
SetFocus
CharLowerW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgItemTextW
SetWindowTextW
ReleaseDC
IsIconic
IsWindowVisible
SetWindowPos
ShowWindow
IsWindow
UnregisterClassW
PostQuitMessage
GetWindowTextW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
IsDialogMessageW
GetProcessWindowStation
GetUserObjectInformationW
GetMessageA
GetMessageW
TranslateMessage
DispatchMessageA
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
AttachThreadInput
LoadCursorW
GetWindow
GetLastActivePopup
GetWindowThreadProcessId
GetClassNameW
EnumWindows
FindWindowExW
FindWindowW
EnumChildWindows
GetParent
GetDesktopWindow
WaitMessage
WaitForInputIdle
RedrawWindow
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
PtInRect
MapWindowPoints
ScreenToClient
ClientToScreen
MessageBeep
MessageBoxW
MessageBoxA
GetWindowRect
GetClientRect
GetDlgItem
GetWindowTextLengthW
SetDlgItemTextW

gdi32

SelectClipRgn
SelectObject
GetPixel
GetTextMetricsW
GetObjectW
GetDIBits
GetDeviceCaps
GetCurrentObject
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateFontIndirectW
CreateDCW
CreateCompatibleDC
CreateBitmapIndirect
StretchBlt
BitBlt

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

BindMoniker
CLSIDFromProgIDEx
CreateBindCtx
OleRun
CLSIDFromProgID
CoCreateInstance
CoLoadLibrary
CLSIDFromString
CreateStreamOnHGlobal
MkParseDisplayName

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarRound
LoadTypeLi
GetActiveObject
GetErrorInfo

ntdll

NtSuspendProcess
NtResumeProcess

shlwapi

PathFindExtensionW
PathFindFileNameA
PathCanonicalizeW
PathIsURLW
PathRemoveExtensionA
PathRemoveFileSpecW
SHDeleteKeyW
PathFindExtensionA
PathCanonicalizeA
PathFindFileNameW
PathIsURLA
PathIsRelativeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipAlloc
GdipLoadImageFromStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipFree

msimg32

AlphaBlend

wtsapi32

WTSEnumerateSessionsW
WTSSendMessageA
WTSFreeMemory
WTSSendMessageW
WTSQuerySessionInformationW

ws2_32

WSAStringToAddressA
WSAStringToAddressW
WSAAddressToStringW
WSAAddressToStringA
getpeername
inet_addr
inet_ntoa
ntohs

vcruntime140d

memmove
wcsstr
memset
__C_specific_handler
strchr
__std_type_info_destroy_list
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__current_exception_context
__current_exception
__std_exception_destroy
__std_exception_copy
__C_specific_handler_noexcept
memcpy
wcsrchr
wcschr
strstr
strrchr
memcmp
_CxxThrowException

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

malloc
_recalloc
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
_wgetenv
_invalid_parameter_noinfo
iswspace
isalpha
_errno
_memicmp
_wcsdup
calloc
wcscmp
wcscpy
wcsnlen
wcsncat
wcsncmp
wcsncpy
_wcsrev
_wcslwr_s
_wcslwr
_wcsupr_s
_wcsupr
strcat
strcpy
_strdup
_stricmp
_strlwr
strncmp
strncpy
_strrev
_strupr
realloc
_resetstkoflw
_wfopen
__stdio_common_vswscanf
_itow
wcstod
_wtoi
_i64tow
_ui64tow
_wtoi64
_wcstoui64
wcsftime
wmemcpy_s
fclose
fopen
fread
fwrite
__stdio_common_vsprintf_s
exit
__p___argc
__p___wargv
_localtime64
_time64
_CrtSetAllocHook
_CrtDbgReport
_mbsinc
_mbslwr_s
_mbsrev
_mbsupr_s
fabs
log
pow
ceil
floor
__acrt_iob_func
fseek
ftell
__stdio_common_vfprintf
_free_dbg
_callnewh
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
strcpy_s
strcat_s
_initterm
_initterm_e
terminate
_wmakepath_s
_wsplitpath_s
strncat
_wcsnicmp
_wcsicmp
free
wcslen
wcscpy_s
_assert
__stdio_common_vsprintf
__stdio_common_vswprintf
_set_error_mode
strlen
strcmp
_CrtDbgReportW
_strnicmp
wcscat

Exports

Exports

CheckForEnableAccessibility
IsMatch

Sections

.textbss
Size: - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0746f0d973c7e9e3a6f93300a0753373

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

shlwapi

version

gdiplus

msimg32

wtsapi32

ws2_32

vcruntime140d

vcruntime140_1d

ucrtbased

Exports

Exports

Sections

.textbss Size: - Virtual size: 251KB

.text Size: 553KB - Virtual size: 552KB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 6KB - Virtual size: 19KB

.pdata Size: 32KB - Virtual size: 32KB

.idata Size: 21KB - Virtual size: 21KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 18KB - Virtual size: 17KB

.textbss
Size: - Virtual size: 251KB

.text
Size: 553KB - Virtual size: 552KB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 6KB - Virtual size: 19KB

.pdata
Size: 32KB - Virtual size: 32KB

.idata
Size: 21KB - Virtual size: 21KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 18KB - Virtual size: 17KB