669bda93eccaebe4a6da85b49918dc9c946a8da930f17c32253f42799a657555

Sharing

Copy URL Twitter E-mail

General

Target

669bda93eccaebe4a6da85b49918dc9c946a8da930f17c32253f42799a657555
Size

702KB
MD5

77547a18b20341a81e995d56063039d1
SHA1

d84b440320ca2aa325f422f834cc565e1cbb4a7a
SHA256

669bda93eccaebe4a6da85b49918dc9c946a8da930f17c32253f42799a657555
SHA512

a021d57ba5244a00db1f14610ab4d3d57790f3b03114d6232aec75c313377ba09e933b86d0f30c6c004cc231fd8071595a004f7c30c980712d3476110ea097f1
SSDEEP

12288:Pk5/HDODEA5I6M3PysHTOXkMhumCuQJsmHnhddajdHS0qse:UHXvH6sHpmCbKgdduz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
669bda93eccaebe4a6da85b49918dc9c946a8da930f17c32253f42799a657555

Files

669bda93eccaebe4a6da85b49918dc9c946a8da930f17c32253f42799a657555
.dll windows:6 windows x86

6a7bae7fb91fd6b6216038e1a1813657

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventW
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
ResumeThread
FindClose
FindFirstFileW
FindNextFileW
CreateProcessW
LoadLibraryExW
lstrcmpiW
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FreeConsole
GetCurrentThreadId
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
WriteFile
GetPrivateProfileStringW
DeviceIoControl
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SetEvent
LocalFileTimeToFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpynW
lstrcmpW
OpenProcess
ProcessIdToSessionId
WaitForSingleObjectEx
WaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
LocalFree
LocalAlloc
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
CreateThread
InterlockedFlushSList
SetFilePointerEx
RtlUnwind
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
InitializeSListHead
QueryPerformanceCounter
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
lstrcmpA
GetVersionExW
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
FindResourceExW
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
OutputDebugStringW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
ReleaseMutex
CreateMutexW
DeleteFileW
CopyFileW
GetFileSizeEx

user32

wsprintfW

advapi32

QueryServiceLockStatusW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
LockServiceDatabase
OpenSCManagerW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
OpenServiceW
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
RevertToSelf
ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfigW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateGuid

shlwapi

StrCmpIW
PathFindFileNameW
wnsprintfW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
wvnsprintfW
StrToInt64ExW
SHGetValueW
StrTrimA
PathFindExtensionW
PathIsDirectoryW
PathCombineW
StrStrIW
StrCmpNIW
StrStrIA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

WSAStartup
socket
shutdown
send
recv
listen
htons
htonl
closesocket
bind
accept
WSACleanup
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect

crypt32

CertGetNameStringW

iphlpapi

GetAdaptersInfo

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToCacheFileW

Exports

Exports

CLSE
CLSEI
CP
CS
CSEX
DS
SM
SMET

Sections

.text
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a7bae7fb91fd6b6216038e1a1813657

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

ws2_32

version

winhttp

crypt32

iphlpapi

wintrust

urlmon

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 524KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 10KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 524KB - Virtual size: 524KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 10KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB