1db6a740a26ef527b3a905b8e8086d3c148bec395c848134900859ff09d55cc9

Sharing

Copy URL Twitter E-mail

General

Target

1db6a740a26ef527b3a905b8e8086d3c148bec395c848134900859ff09d55cc9
Size

7.1MB
MD5

0ead7478773e6b3e9006f3bdfa2119dd
SHA1

403e0044219fa59c8ebd6c82dad8013cb07b06ea
SHA256

1db6a740a26ef527b3a905b8e8086d3c148bec395c848134900859ff09d55cc9
SHA512

57abd628cd2164fba61b12d32b927139f29725c2f53b327bb0ed77b398ac89b43e9bab65384cf9ad52ef3032806cf7a0610e89009cb2282545e7e0c6db164b42
SSDEEP

196608:GJzColboj5Vxw0XIgOQgEsgdpVT/e446EP:GJzColboj5Vxw0XIgOQgK36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1db6a740a26ef527b3a905b8e8086d3c148bec395c848134900859ff09d55cc9

Files

1db6a740a26ef527b3a905b8e8086d3c148bec395c848134900859ff09d55cc9
.dll windows:5 windows x64

3fd95ad73eafd552fa062e48ae42ef88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathIsNetworkPathW
PathMatchSpecW
PathFileExistsW
PathFindFileNameW
StrStrIW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW

kernel32

MoveFileExW
WriteFile
CopyFileW
SizeofResource
FlushFileBuffers
GetProcAddress
MoveFileW
CloseHandle
SetEvent
Sleep
OpenThread
GetWindowsDirectoryW
WritePrivateProfileStringW
LoadResource
GetLocalTime
GetFileSize
lstrlenA
FileTimeToSystemTime
ReadFile
GetComputerNameExW
FileTimeToLocalFileTime
GetCurrentProcessId
OpenProcess
ReadProcessMemory
GetFileTime
DuplicateHandle
SetFilePointer
GetCurrentThreadId
GetUserDefaultLangID
CreateMutexW
GetModuleHandleExW
ReleaseMutex
GetEnvironmentVariableW
VirtualQuery
GetLogicalDriveStringsW
QueryDosDeviceW
FreeLibrary
FindResourceW
FreeResource
CheckRemoteDebuggerPresent
DeleteFileW
IsDebuggerPresent
DisableThreadLibraryCalls
GetTempPathW
CreateFileW
GetModuleFileNameW
LoadLibraryW
IsBadReadPtr
IsBadStringPtrW
GetTempFileNameW
CreateDirectoryW
QueryPerformanceFrequency
SetEnvironmentVariableA
GetCurrentProcess
CreateThread
GetLastError
TerminateThread
GetTickCount
WaitForSingleObject
GetPrivateProfileIntW
GetDiskFreeSpaceW
SetStdHandle
DeviceIoControl
SetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
LockResource
ReleaseSemaphore
CreateSemaphoreW
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
CreateEventW
OpenEventW
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
GetDriveTypeW
SearchPathW
WideCharToMultiByte
GetFileAttributesW
ResumeThread
GetACP
MultiByteToWideChar
GetModuleHandleW
LoadLibraryA
ExpandEnvironmentStringsW
GetVersionExW
GetSystemInfo
lstrcmpiW
OpenMutexW
SetEndOfFile
SetFileTime
FindClose
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
LocalFree
LoadLibraryExW
GetFileInformationByHandle
GetVolumeInformationW
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
GetFullPathNameW
GetSystemDirectoryW
lstrlenW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
lstrcatW
lstrcpyW
GetFileSizeEx
FormatMessageW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GlobalMemoryStatusEx
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
GetCurrentThread
GetExitCodeThread
HeapReAlloc
RtlPcToFileHeader
GetStdHandle
GetFileType
WriteConsoleW
CreateTimerQueue
IsProcessorFeaturePresent
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlCaptureStackBackTrace
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCommandLineA
ExitThread
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
FatalAppExitA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
HeapSize
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
InitializeSListHead
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
SetProcessAffinityMask
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
WaitForMultipleObjectsEx

user32

IsWindow
wsprintfW
GetClassNameW
GetWindowTextW
GetWindowLongW
IsWindowVisible
GetForegroundWindow
GetWindowThreadProcessId
MessageBoxW
UnregisterClassW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

DeregisterEventSource
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
LookupPrivilegeValueW
SetNamedSecurityInfoW
GetTokenInformation
OpenProcessToken
LookupPrivilegeNameW
ReportEventW
RegisterEventSourceW
ChangeServiceConfigW
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExW
RegDeleteValueW
RegFlushKey

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptQueryObject
CryptMsgClose
CryptMsgGetParam

ole32

CoUninitialize
CoCreateInstance
CoInitialize

psapi

GetProcessImageFileNameW

Exports

Exports

CreateObject
DestroyObject
ExportFunc1
ExportFunc10
ExportFunc11
ExportFunc12
ExportFunc13
ExportFunc14
ExportFunc2
ExportFunc3
ExportFunc4
ExportFunc5
ExportFunc6
ExportFunc7
ExportFunc8
ExportFunc9

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fd95ad73eafd552fa062e48ae42ef88

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

kernel32

user32

advapi32

shell32

crypt32

ole32

psapi

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 231KB - Virtual size: 231KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 231KB - Virtual size: 231KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 9KB - Virtual size: 8KB