506431fc5ba7efe1a6f9fb180488f34c6d96a0eaacf3f6536bc845b4b000f868

Sharing

Copy URL Twitter E-mail

General

Target

506431fc5ba7efe1a6f9fb180488f34c6d96a0eaacf3f6536bc845b4b000f868
Size

2.1MB
MD5

b47f46de385d47a1296b1d9a3ea44b0c
SHA1

0de11be100aabf0470cae98a3c3f97c015ab373b
SHA256

506431fc5ba7efe1a6f9fb180488f34c6d96a0eaacf3f6536bc845b4b000f868
SHA512

48cd2afae66fe3fd47e3654fda65fb42a0ed889b2a16afbbaf58441596e96cc92e5b11ff51ae11b46d7c7606f3e5466bdfbc310286250bd927118b2e16880ac7
SSDEEP

24576:yhthQWLq3KvcHLrj2hJJXXPlZ8VvP7JUs+hye8ojSNVhU2vM7keTGd:yhnQikah3lKVv9Us+hyG52vMtGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
506431fc5ba7efe1a6f9fb180488f34c6d96a0eaacf3f6536bc845b4b000f868

Files

506431fc5ba7efe1a6f9fb180488f34c6d96a0eaacf3f6536bc845b4b000f868
.dll windows:6 windows x86

f2005f8075addbad6b77c9fc462edda0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetLocalTime
GlobalAlloc
GlobalFree
SetEndOfFile
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapQueryInformation
HeapSize
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FormatMessageA
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
LocalFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetCurrentProcessId
InitializeSListHead
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
LoadLibraryW
WaitForSingleObject
RtlUnwind
GetModuleHandleExW
ExitThread
ResumeThread
ExitProcess
CreateProcessW
HeapValidate
GetSystemInfo
GetStdHandle
GetFileType
WriteConsoleW
WriteFile
SetConsoleCtrlHandler
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
RtlCaptureStackBackTrace

user32

SetDlgItemTextA
GetDlgItemTextA
wsprintfA
GetDlgItem
EndDialog
ShowWindow
DialogBoxParamW

netapi32

Netbios

wininet

InternetCrackUrlA
InternetOpenUrlA
InternetOpenUrlW
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetQueryOptionW
InternetSetOptionA
InternetSetOptionW
HttpOpenRequestA
InternetAttemptConnect
HttpSendRequestA
InternetOpenW

Exports

Exports

RegisterTdxFunc

Sections

.textbss
Size: - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 969B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2005f8075addbad6b77c9fc462edda0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

wininet

Exports

Exports

Sections

.textbss Size: - Virtual size: 791KB

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 366KB - Virtual size: 366KB

.data Size: 16KB - Virtual size: 24KB

.idata Size: 6KB - Virtual size: 5KB

.msvcjmc Size: 1024B - Virtual size: 550B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 1024B - Virtual size: 969B

.reloc Size: 65KB - Virtual size: 65KB

.textbss
Size: - Virtual size: 791KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 366KB - Virtual size: 366KB

.data
Size: 16KB - Virtual size: 24KB

.idata
Size: 6KB - Virtual size: 5KB

.msvcjmc
Size: 1024B - Virtual size: 550B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1024B - Virtual size: 969B

.reloc
Size: 65KB - Virtual size: 65KB