0e4cfd61ee20988bf56a2b5d1c4e0ace82a3865bc1cfe9f81957521e99bb45b6

Sharing

Copy URL Twitter E-mail

General

Target

0e4cfd61ee20988bf56a2b5d1c4e0ace82a3865bc1cfe9f81957521e99bb45b6
Size

728KB
MD5

e48923b697f599a8552d80a350b29110
SHA1

d8b38bfa091442ed4c3d1d7bb849c5be043e5d1b
SHA256

0e4cfd61ee20988bf56a2b5d1c4e0ace82a3865bc1cfe9f81957521e99bb45b6
SHA512

3ccb8a91045ee7ac666687e96e3b887073e9cbbc7d428a60086cd92cc030b43f8d406b7fdcca79e3fe3d31f5ee2180cbc20055614f58412b5e23179334fe8a78
SSDEEP

12288:zNYUYh9yz5jMBitsBPi6bYvwqNYskfpyMvJhFdAjcDkofowPXQfmapMkrZt:Cfh98jd67eYs6yru7R23rZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e4cfd61ee20988bf56a2b5d1c4e0ace82a3865bc1cfe9f81957521e99bb45b6

Files

0e4cfd61ee20988bf56a2b5d1c4e0ace82a3865bc1cfe9f81957521e99bb45b6
.dll windows:4 windows x64

d3ec0f4ce5cbf815ba79c8a06a7976d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RaiseException
RtlAddFunctionTable
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateProcessA
CreateToolhelp32Snapshot
DuplicateHandle
ExitProcess
FormatMessageW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
GetEnvironmentVariableW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MultiByteToWideChar
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WriteConsoleW
WriteProcessMemory

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
signal
strncmp
vfprintf

ntdll

memcmp
memcpy
memmove
memset
strlen
NtReadVirtualMemory
NtWriteFile
RtlNtStatusToDosError

gdi32

EnumFontFamiliesW

psapi

EnumProcessModulesEx
GetModuleBaseNameW

user32

GetDC

Exports

Exports

GetArphaCrashReport
GetArphaUtils
SetWindowLocalDump

Sections

.text
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 131B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3ec0f4ce5cbf815ba79c8a06a7976d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

gdi32

psapi

user32

Exports

Exports

Sections

.text Size: 298KB - Virtual size: 298KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 406KB - Virtual size: 406KB

.pdata Size: 5KB - Virtual size: 4KB

.xdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 131B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 298KB - Virtual size: 298KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 406KB - Virtual size: 406KB

.pdata
Size: 5KB - Virtual size: 4KB

.xdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 131B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB