842fc85ba6868c17ec55883b5d4b700286390da9441c9d6b4eb3de58a4dac283

Sharing

Copy URL Twitter E-mail

General

Target

842fc85ba6868c17ec55883b5d4b700286390da9441c9d6b4eb3de58a4dac283
Size

738KB
MD5

1718c08c02a79ae6cf2051a389c9bd00
SHA1

6a0bc528ebbf6f6fba1a229d2748d51347769b29
SHA256

842fc85ba6868c17ec55883b5d4b700286390da9441c9d6b4eb3de58a4dac283
SHA512

ae649702c84826ec6857bb4a52a6ae8404b2259afc0b2d46cbd599369dd229ced79f8a42b0d544df1bc34682eb67a11b22e88d302f1cd46933addd2051b267e6
SSDEEP

12288:soawhtyybAsLAk4uwXH3XEL0r2xN1Akq88pKJJFXh8x3Z6+vozdCORtIb:s8Es8k3OH3C0rQ6+8pKJJFo3Q+qdCOfI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
842fc85ba6868c17ec55883b5d4b700286390da9441c9d6b4eb3de58a4dac283

Files

842fc85ba6868c17ec55883b5d4b700286390da9441c9d6b4eb3de58a4dac283
.dll windows:5 windows x86

6b0c751615ac53490e2add17eb4f7df6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WriteFile
SetLastError
CreateProcessW
GetCurrentProcess
WaitForSingleObject
QueryFullProcessImageNameW
LoadLibraryW
DuplicateHandle
GetComputerNameA
FreeResource
FindResourceW
LoadResource
SetEvent
GetTickCount
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
CreateFileW
FlushFileBuffers
EnterCriticalSection
LockResource
CreateEventW
DeleteCriticalSection
CreateThread
HeapAlloc
GetProcAddress
GetProcessHeap
GetFileAttributesW
TlsFree
TlsSetValue
InterlockedDecrement
LocalFree
SetEndOfFile
OutputDebugStringA
TerminateProcess
OutputDebugStringW
GetLastError
Sleep
CreateMutexW
FileTimeToLocalFileTime
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
lstrlenW
WideCharToMultiByte
HeapFree
GetModuleHandleW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
IsDebuggerPresent
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
ReadFile
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
HeapSize
Process32FirstW
GlobalFree
FileTimeToSystemTime
GlobalAlloc
OpenProcess
TlsGetValue
GetProcessTimes
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
ExitProcess
ExitThread
GetCurrentThreadId
GetCommandLineA
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

user32

EnumWindows
PostMessageW
GetWindowThreadProcessId
SendMessageW
EnumChildWindows

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteExW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
SysAllocString

iphlpapi

SendARP
GetAdaptersInfo
GetAdaptersAddresses

ws2_32

inet_addr

shlwapi

PathFileExistsW
PathFileExistsA
PathRemoveFileSpecW
PathStripPathW

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect

httpapi

HttpInitialize
HttpCreateHttpHandle
HttpTerminate
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpAddUrl

Exports

Exports

EntryPoint
Ext_RunDLL
Start_RunDLL

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b0c751615ac53490e2add17eb4f7df6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

shlwapi

winhttp

httpapi

Exports

Exports

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 15KB - Virtual size: 44KB

.rsrc Size: 267KB - Virtual size: 267KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 15KB - Virtual size: 44KB

.rsrc
Size: 267KB - Virtual size: 267KB

.reloc
Size: 34KB - Virtual size: 33KB