abb27f2dd2b3756d9e6efb92cccf87be5e48d91940307d5c2e022cd8ec7495b3

Sharing

Copy URL Twitter E-mail

General

Target

abb27f2dd2b3756d9e6efb92cccf87be5e48d91940307d5c2e022cd8ec7495b3
Size

529KB
MD5

cade4b3adc8bc8a07e700f28f17ac2dd
SHA1

9a7a7fa5415f8a9abb2371e6bf8c1ef2bcc9bbc4
SHA256

abb27f2dd2b3756d9e6efb92cccf87be5e48d91940307d5c2e022cd8ec7495b3
SHA512

137307e4ba6f4c195fc9996cbc229d6df7f916110ef888c28870ccc5e9c304347399baf5644658d57b5dd5ef8327382ea4841531d46784de6d36cee6d28b71d9
SSDEEP

12288:Xl4SYMo8dOUDYuzQMRLf+r264Cj3RyYRghkzw4y9/Uno1K:XtIMRLf+r264CjBRKhkzTrnF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abb27f2dd2b3756d9e6efb92cccf87be5e48d91940307d5c2e022cd8ec7495b3

Files

abb27f2dd2b3756d9e6efb92cccf87be5e48d91940307d5c2e022cd8ec7495b3
.dll windows:6 windows x64

15f0e09c6978f15c21c7d4cb25c0b6f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
FindNextFileW
FindClose
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateMutexW
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetModuleFileNameW
EnterCriticalSection
GetStdHandle
TerminateProcess
SetThreadPriority
LeaveCriticalSection
GetCurrentThreadId
FormatMessageW
GetTickCount64
GetCurrentThread
GetThreadPriority
GetProcAddress
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleW
GetSystemTimeAsFileTime
IsDebuggerPresent
FlushFileBuffers
FreeLibrary
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCurrentProcessId
GetFileSize
Sleep
CreateFileW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
CloseHandle
SetEvent
GetLastError
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
GetCurrentProcess
ExitProcess
SetLastError

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey

ws2_32

gethostbyaddr
send
socket
connect
recv
getsockopt
htons
freeaddrinfo
ioctlsocket
setsockopt
WSASetLastError
shutdown
WSAGetLastError
WSAStartup
getaddrinfo
select
gethostbyname
closesocket
__WSAFDIsSet
WSACleanup
inet_addr

msacm32

acmStreamClose
acmStreamOpen
acmStreamPrepareHeader
acmStreamSize
acmStreamConvert
acmStreamUnprepareHeader

crypt32

CertGetCertificateChain
CertVerifyTimeValidity
CertVerifyRevocation
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext

secur32

FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleW
QueryContextAttributesW
DeleteSecurityContext
EncryptMessage

Exports

Exports

Close
Create
DecodeBlock
DeleteATag
Destroy
Get
Open
Set
SetPosition

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15f0e09c6978f15c21c7d4cb25c0b6f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msacm32

crypt32

secur32

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 5KB - Virtual size: 23KB

.pdata Size: 16KB - Virtual size: 16KB

.gxfg Size: 5KB - Virtual size: 5KB

.gehcont Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 5KB - Virtual size: 23KB

.pdata
Size: 16KB - Virtual size: 16KB

.gxfg
Size: 5KB - Virtual size: 5KB

.gehcont
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB