a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f

Sharing

Copy URL

Twitter E-mail

General

Target

a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f
Size

725KB
MD5

fb8c0efba2bf6d6b25acf8c3573a7ca8
SHA1

af8ab0bcbc1807aceb8ec9711fc50e2db86b67d7
SHA256

a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f
SHA512

e6daedd60d2b3f1197fbce5af5bb373153fa99a0a5159c6f13a1ec6b1b10daffbce9aaa06849666507ae6d864bd4eeda6113e25ed67846fd108f8377e2ceb60f
SSDEEP

12288:oZQtSI9y7dfYPJhwkA9/EsQ+1rG6AWy3OKt62xUVmSUEHoeF7LxV4JZXet6I5:BSdfMeNQeG4Kt+UEI8LxVGo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f

Files

a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f
.dll windows:6 windows x86

46a2c0416a4a72c2fd5461cd465aadb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
FindClose
FindFirstFileW
FindNextFileW
CreateProcessW
LoadLibraryExW
lstrcmpiW
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FreeConsole
GetCurrentThreadId
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
WriteFile
GetPrivateProfileStringW
DeviceIoControl
GetStdHandle
GetACP
GetModuleFileNameA
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimer
CreateEventW
SetEvent
LocalFileTimeToFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpynW
lstrcmpW
OpenProcess
ProcessIdToSessionId
WaitForSingleObjectEx
WaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
LocalFree
LocalAlloc
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
GetDateFormatW
RtlUnwind
CreateMutexW
ReleaseMutex
InterlockedDecrement
InterlockedIncrement
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
OutputDebugStringW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
DeleteFileW
CopyFileW
GetFileSizeEx
FindNextFileA

user32

wsprintfW

advapi32

QueryServiceStatus
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
LockServiceDatabase
OpenSCManagerW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegEnumKeyExW
RegGetValueW
OpenServiceW
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
RevertToSelf
ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
QueryServiceLockStatusW
ChangeServiceConfigW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CreateStreamOnHGlobal

shlwapi

SHGetValueW
PathIsRelativeW
PathFindExtensionW
StrCmpIW
SHSetValueA
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
wvnsprintfW
StrToInt64ExW
StrCmpNIW
StrTrimA
PathIsDirectoryW
StrStrIA
wnsprintfW
StrStrIW
PathFindFileNameW
SHGetValueA
PathCombineW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

WSAStartup
socket
shutdown
send
recv
listen
htons
htonl
connect
closesocket
bind
accept
WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winhttp

WinHttpSetTimeouts
WinHttpSetOption
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpReadData
WinHttpSetCredentials
WinHttpQueryDataAvailable

wininet

InternetGetConnectedState

crypt32

CertGetNameStringW

iphlpapi

GetAdaptersInfo

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

CLSE
CLSEI
CP
CS
CSEX
DS
SM
SMET

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46a2c0416a4a72c2fd5461cd465aadb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

ws2_32

version

winhttp

wininet

crypt32

iphlpapi

wintrust

urlmon

Exports

Exports

Sections

.text Size: 545KB - Virtual size: 544KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 545KB - Virtual size: 544KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 27KB - Virtual size: 27KB