34b9b55d3d7af336285b40682cb3efd0ead80700beba473f9a6632e9dca2b2b1

Sharing

Copy URL

Twitter E-mail

General

Target

34b9b55d3d7af336285b40682cb3efd0ead80700beba473f9a6632e9dca2b2b1
Size

712KB
MD5

cfddbf0f770bd1aaa564ec497d88b297
SHA1

d66c1883476e01fdcd07dc6a36be8b83cb840ab7
SHA256

34b9b55d3d7af336285b40682cb3efd0ead80700beba473f9a6632e9dca2b2b1
SHA512

e36c5f00054cb06014575a5005226bcdf596cf86f3ff73f86dc004f8d5a74ff79cf46493bff28f294d56afea6789f3dc5fd3de83642d7e2776a18baca13dea6e
SSDEEP

12288:L7xboaJRPoAuTq47Ykvlb6CRtjlZQhc2dX0Imbc4IPE4p30ZcYm:JooJorvbkc2Qc4Ica30Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34b9b55d3d7af336285b40682cb3efd0ead80700beba473f9a6632e9dca2b2b1

Files

34b9b55d3d7af336285b40682cb3efd0ead80700beba473f9a6632e9dca2b2b1
.dll windows:6 windows x86

3330cb5352279e0cd5c126936294f717

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
CreateProcessW
LoadLibraryExW
lstrcmpiW
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FreeConsole
OutputDebugStringW
GetCurrentThreadId
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
WriteFile
GetPrivateProfileStringW
DeviceIoControl
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
ResumeThread
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimer
CreateEventW
SetEvent
LocalFileTimeToFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpynW
lstrcmpW
OpenProcess
ProcessIdToSessionId
WaitForSingleObjectEx
WaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
LocalFree
LocalAlloc
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetACP
WriteConsoleW
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
CreateMutexW
ReleaseMutex
InterlockedDecrement
InterlockedIncrement
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
OpenFileMappingW
CreateFileMappingW
FindResourceExW
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
UnmapViewOfFile
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
FreeResource
InterlockedCompareExchange
RaiseException
DecodePointer
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
DeleteFileW
CopyFileW
GetFileSizeEx
FindNextFileA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
InitializeSListHead
GetVersionExW
MapViewOfFile

user32

wsprintfW

advapi32

QueryServiceStatusEx
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
LockServiceDatabase
OpenSCManagerW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
OpenServiceW
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
RevertToSelf
ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
UnlockServiceDatabase
StartServiceW
QueryServiceConfigW
QueryServiceStatus
QueryServiceLockStatusW
ChangeServiceConfigW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoCreateGuid
CreateStreamOnHGlobal

shlwapi

PathIsDirectoryW
StrStrIA
StrStrIW
StrCmpNIW
StrTrimA
SHSetValueA
SHGetValueA
StrToInt64ExW
SHGetValueW
PathIsRelativeW
PathFindExtensionW
StrCmpIW
PathFindFileNameW
wnsprintfW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

accept
WSAWaitForMultipleEvents
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSACleanup
WSAStartup
bind
closesocket
connect
htonl
htons
listen
socket
shutdown
send
recv

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption

wininet

InternetGetConnectedState

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

CallLudashiServiceEx
CallLudashiServiceExInternal
CreateLudashiProcess
CreateSelf
CreateSelfEx
DeleteSelf
LudashiServiceMain
ModifyManualExitTime

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3330cb5352279e0cd5c126936294f717

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

ws2_32

version

winhttp

wininet

crypt32

wintrust

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 539KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 540KB - Virtual size: 539KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 27KB - Virtual size: 26KB