ab52075207a5b1a5ff98a9fa5ae721123ec1632f38bc13a3fc9389be64b24db1

Sharing

Copy URL

Twitter E-mail

General

Target

ab52075207a5b1a5ff98a9fa5ae721123ec1632f38bc13a3fc9389be64b24db1
Size

27KB
MD5

29f67935b1e40d87037626f22b9e0945
SHA1

428eae9c22bc986e93865b33c0e9c1d1980be229
SHA256

ab52075207a5b1a5ff98a9fa5ae721123ec1632f38bc13a3fc9389be64b24db1
SHA512

e01576b945220d4be1531a946c8f6a0fb8cacbff64bc426a65a8f7176c4811c374163038d40870277b16d3cf9f1808e4ef8d04d1d62aec84456e57d39904c532
SSDEEP

384:jE+8VeHPZtDM58139coAX+NvWGiR7nX7Xq8Bh/b7gi:jE+q2NOzXzD17gi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab52075207a5b1a5ff98a9fa5ae721123ec1632f38bc13a3fc9389be64b24db1

Files

ab52075207a5b1a5ff98a9fa5ae721123ec1632f38bc13a3fc9389be64b24db1
.dll windows:5 windows x64

5bd4766158cc009a4a9132cbd759b347

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_errno
strrchr
memcpy
memset
__CxxFrameHandler
abort
_callnewh
_CxxThrowException
free

kernel32

IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
GetModuleFileNameA
GetOEMCP
GetCurrentProcess
GetModuleHandleA
GetACP
GetVersionExA
GetProcAddress
GetCurrentProcessId
GetComputerNameA
Sleep
GetLastError
WaitForSingleObject
TerminateProcess
CreateThread
VirtualProtect
ExitThread
ExitProcess
GetCurrentThreadId

advapi32

FreeSid
GetUserNameA
AllocateAndInitializeSid
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CheckTokenMembership

ws2_32

ntohs
WSACleanup
WSAIoctl
closesocket
WSAStartup
WSASocketA
htonl
ntohl

Exports

Exports

launch_v0
launch_v10
launch_v100
launch_v11
launch_v12

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bd4766158cc009a4a9132cbd759b347

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 784KB

.pdata Size: 1024B - Virtual size: 924B

.gfids Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.reloc Size: 512B - Virtual size: 156B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 784KB

.pdata
Size: 1024B - Virtual size: 924B

.gfids
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.reloc
Size: 512B - Virtual size: 156B