d189e848688a7a2ae9d1da66202c86b734e26d7336e5ca3d4f071094287f2eb9

Sharing

Copy URL Twitter E-mail

General

Target

d189e848688a7a2ae9d1da66202c86b734e26d7336e5ca3d4f071094287f2eb9
Size

995KB
MD5

d908a5618b3ddd52a7813009e371b213
SHA1

c0eee8bf378a18fd0119ac4b88fb477dfb5df57c
SHA256

d189e848688a7a2ae9d1da66202c86b734e26d7336e5ca3d4f071094287f2eb9
SHA512

9c4a0f5e3928548c1e5ba725d073d037f19115985b4045895656ed6d863b1bff141b2cb87a0445e212fbd3866855aa2451da670874d080a83a6d4e19da0851b9
SSDEEP

12288:eWTtbNiPNZ7o5dxUV9Ye8gd6ZLVDXGgy/1qTzF:JT3+NZ7r9Z8ZRD1cqT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d189e848688a7a2ae9d1da66202c86b734e26d7336e5ca3d4f071094287f2eb9

Files

d189e848688a7a2ae9d1da66202c86b734e26d7336e5ca3d4f071094287f2eb9
.dll windows:6 windows x64

2440b8282fca5a18d080a2bf98907466

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection
GetSystemInfo
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
GetLastError
OpenProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetLogicalDriveStringsW
GetModuleFileNameW
GetEnvironmentVariableW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLocalTime
ReadFile
CreatePipe
CreateProcessW
SetEnvironmentVariableA
LoadLibraryW
CreateFileW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
ReadConsoleW
CreateDirectoryW
FindNextFileW
FindFirstFileExW
GetFileAttributesExW
SetFilePointerEx
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
DeleteFileW
GetProcessHeap
HeapSize
AreFileApisANSI
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateProcessA
GetCommandLineA
GetCPInfo
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
GetProcAddress
CreateSemaphoreW
CreateThread
ExitThread
LoadLibraryExW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
SetEndOfFile

user32

RegisterClassExW
CreateWindowExW
DispatchMessageW
LoadCursorW
MessageBoxW
DestroyWindow
DefWindowProcW
SendMessageW
GetMessageW
GetSystemMetrics
TranslateMessage

shell32

ShellExecuteExW

ole32

CoCreateGuid

ws2_32

send
recv
WSACleanup
WSAAsyncSelect
inet_addr
WSAStartup
connect
closesocket
WSAGetLastError
inet_ntoa
setsockopt
accept
bind
listen
shutdown
htonl
recvfrom
sendto
ntohl
gethostbyname
socket
WSAIoctl
htons

wininet

InternetOpenUrlW
InternetOpenW
InternetReadFile

urlmon

URLDownloadToFileA

psapi

GetProcessImageFileNameW

Exports

Exports

clinkStart
clinkStop
getListenState
setIPWriteLocalFile
setPortConflictAlert
setSourceCode

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2440b8282fca5a18d080a2bf98907466

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

ws2_32

wininet

urlmon

psapi

Exports

Exports

Sections

.text Size: 716KB - Virtual size: 716KB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 15KB - Virtual size: 45KB

.pdata Size: 52KB - Virtual size: 52KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 716KB - Virtual size: 716KB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 15KB - Virtual size: 45KB

.pdata
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB