aa2c3f6904cddfe9f9362d1b23c9e0d7788c5028ccbc8c2c60456b51dbacb062

Sharing

Copy URL

Twitter E-mail

General

Target

aa2c3f6904cddfe9f9362d1b23c9e0d7788c5028ccbc8c2c60456b51dbacb062
Size

721KB
MD5

ff2d831360e960dd3188a26489b154ac
SHA1

54cba80348f40367daa6109114c8794bbf5d561a
SHA256

aa2c3f6904cddfe9f9362d1b23c9e0d7788c5028ccbc8c2c60456b51dbacb062
SHA512

599a626f6a15059ee69a61ecc77f79326cee444cc3e54eedcd410b14551bfde32d0d5600cde653b165b08c2ebf5bd7b02043d6bebb2aeeb2454050082b7e17ee
SSDEEP

12288:C2uNkMNJNPwx+ZmkSnGODpQb2LEBkudYiI8ut7m4sT2LWKl7twY:CQMucmrzd3udFC3saLn72Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa2c3f6904cddfe9f9362d1b23c9e0d7788c5028ccbc8c2c60456b51dbacb062

Files

aa2c3f6904cddfe9f9362d1b23c9e0d7788c5028ccbc8c2c60456b51dbacb062
.dll windows:6 windows x86

0b921e0676abfa526f6828ea6e1f027c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
FindClose
FindFirstFileW
FindNextFileW
CreateProcessW
LoadLibraryExW
lstrcmpiW
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FreeConsole
GetCurrentThreadId
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
WriteFile
GetPrivateProfileStringW
DeviceIoControl
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimer
CreateEventW
SetEvent
LocalFileTimeToFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpynW
lstrcmpW
OpenProcess
ProcessIdToSessionId
WaitForSingleObjectEx
WaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
LocalFree
LocalAlloc
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
SetEndOfFile
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
InterlockedDecrement
InterlockedIncrement
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetVersionExW
InitializeSListHead
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
InitializeCriticalSection
GetProcessHeap
HeapSize
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
FindFirstFileExA
ReadConsoleW
DecodePointer
OutputDebugStringW
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
ReleaseMutex
CreateMutexW
DeleteFileW
CopyFileW
GetFileSizeEx
FindNextFileA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW

user32

wsprintfW

advapi32

QueryServiceStatusEx
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
LockServiceDatabase
OpenSCManagerW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
OpenServiceW
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
RevertToSelf
ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
UnlockServiceDatabase
StartServiceW
QueryServiceConfigW
QueryServiceStatus
QueryServiceLockStatusW
ChangeServiceConfigW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CreateStreamOnHGlobal

shlwapi

SHGetValueW
PathIsRelativeW
PathFindExtensionW
StrCmpIW
PathIsDirectoryW
PathCombineW
PathFileExistsW
PathAppendW
wvnsprintfW
StrToInt64ExW
StrStrIA
SHGetValueA
SHSetValueA
StrCmpNIW
wnsprintfW
StrTrimA
StrStrIW
PathFindFileNameW
PathRemoveFileSpecW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

socket
shutdown
send
recv
listen
htons
htonl
connect
closesocket
bind
accept
WSAStartup
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
WSACleanup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpConnect
WinHttpReadData

wininet

InternetGetConnectedState

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

CLSE
CLSEI
CP
CS
CSEX
DS
SM
SMET

Sections

.text
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b921e0676abfa526f6828ea6e1f027c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

ws2_32

version

winhttp

wininet

crypt32

wintrust

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 540KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 540KB - Virtual size: 540KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB