81e344c355a48c950a5872c6f11fe66eb11c867a70278624f15765efb58d9bc7

Sharing

Copy URL

Twitter E-mail

General

Target

81e344c355a48c950a5872c6f11fe66eb11c867a70278624f15765efb58d9bc7
Size

667KB
MD5

9f0b3e67b011a3fcd01c8a28b5f2c931
SHA1

e52e5c3191b8e149da7a9cf0cb447599debde628
SHA256

81e344c355a48c950a5872c6f11fe66eb11c867a70278624f15765efb58d9bc7
SHA512

3565b1d42b03f0180f9a10c85a611d3bc292646f4a1c721f933a9f6fe8a6d4967c1fb20091846e45c5443a751844f7ef8276662511ae4885500f8bbb3502a213
SSDEEP

12288:IBUMaWx0Ly7+T4362IAzQg41ZKTSkcETJtxQT/1xDY/7v8ap4U:IEm0LBwM1ABJty1hJC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81e344c355a48c950a5872c6f11fe66eb11c867a70278624f15765efb58d9bc7

Files

81e344c355a48c950a5872c6f11fe66eb11c867a70278624f15765efb58d9bc7
.dll windows:6 windows x86

38508209f9a29d5b6d018b2eca6036fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
CreateEventW
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
ResumeThread
FindClose
FindFirstFileW
FindNextFileW
CreateProcessW
LoadLibraryExW
lstrcmpiW
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FreeConsole
GetCurrentThreadId
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
WriteFile
GetPrivateProfileStringW
DeviceIoControl
FindNextFileA
GetFileSizeEx
ProcessIdToSessionId
WaitForSingleObjectEx
WaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
LocalFree
LocalAlloc
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
OutputDebugStringW
FindResourceExW
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LocalFileTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
CopyFileW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
DeleteFileW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpynW
lstrcmpW
OpenProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
ReleaseMutex
CreateMutexW
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA

user32

wsprintfW

advapi32

RegCreateKeyW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
RevertToSelf
ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegGetValueW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal

shlwapi

StrCmpIW
PathFindExtensionW
PathIsRelativeW
wnsprintfW
StrToInt64ExW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
SHGetValueW
PathIsDirectoryW
wvnsprintfW
StrStrIW
SHGetValueA
SHSetValueA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

accept
bind
connect
htonl
listen
recv
send
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
closesocket
htons

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpSetOption

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToCacheFileW

Exports

Exports

CLSE
CLSEI
CP
CS
CSEX
DS
SM
SMET

Sections

.text
Size: 494KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38508209f9a29d5b6d018b2eca6036fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

ws2_32

version

winhttp

crypt32

wintrust

urlmon

Exports

Exports

Sections

.text Size: 494KB - Virtual size: 493KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 10KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 494KB - Virtual size: 493KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB