58eb4c68f07c81e49d80ff65faf9dacbc81aaafe209b1c2f8c9b1861889c5420

Sharing

Copy URL Twitter E-mail

General

Target

58eb4c68f07c81e49d80ff65faf9dacbc81aaafe209b1c2f8c9b1861889c5420
Size

115KB
MD5

3e3f0ecb0e9acf4160f193182c2cb1b6
SHA1

0bccd25022aae11cad3abd0c2ae06d7dc7c374ab
SHA256

58eb4c68f07c81e49d80ff65faf9dacbc81aaafe209b1c2f8c9b1861889c5420
SHA512

a18fce1ac415aa9684ae240bc9ab1ae7bb77ea4f5010f60b70b05e06fbea3632dec9a604048dbd52091ec2d46093b65621d1b4fec7e57e42b5350e27316e79cf
SSDEEP

1536:unHtsM1m0tDeEKMA/jFN8qK1Xkz7JtVK07J/nsOLrxKFson:KTZedRN8t2XBVMs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58eb4c68f07c81e49d80ff65faf9dacbc81aaafe209b1c2f8c9b1861889c5420

Files

58eb4c68f07c81e49d80ff65faf9dacbc81aaafe209b1c2f8c9b1861889c5420
.dll windows:5 windows x64

68efd1dc3558ad217efa2f3e77f53054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

tolower
__pctype_func
_time64
strtok
fseek
fread
strcat_s
_errno
strncat_s
fclose
fopen_s
strncmp
strcat
rand
strcmp
malloc
free
strlen
wcsnlen
strnlen
strtol
wctomb_s
_initterm
_iob
fgetpos
_itoa
strcpy_s
___lc_codepage_func
_lock
_unlock
_isatty
fflush
_fileno
?terminate@@YAXXZ
ceil
log10
_clearfp
memcpy
memset
strrchr
__RTDynamicCast
_CxxThrowException
memcmp
__C_specific_handler
__CxxFrameHandler3
memmove
_amsg_exit
__DestructExceptionObject
strncpy
abort
_callnewh
strcpy

crypt32

CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptBinaryToStringA
CryptDecodeObjectEx

kernel32

LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetModuleHandleW
GetCurrentThreadId
LocalFree
ExitProcess
EncodePointer
GetModuleHandleExW
RaiseException
GetCurrentProcess
GetCurrentProcessId
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetComputerNameA
GetACP
GetOEMCP
FreeLibrary
Sleep
FindClose
FindFirstFileA
GetLogicalDrives
GetLastError
GetCurrentDirectoryA
CloseHandle
CreatePipe
WaitForSingleObject
GetStartupInfoA
MultiByteToWideChar
TerminateProcess
ProcessIdToSessionId
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
CreateDirectoryA
DeleteFileA
FindNextFileA
RemoveDirectoryA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
PeekNamedPipe

advapi32

GetUserNameA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptGetHashParam
CryptSetHashParam
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CreateProcessAsUserA
LookupAccountSidA
GetTokenInformation

shlwapi

PathCombineA

wininet

InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA

ws2_32

ntohs
ntohl
WSASocketA
WSAStartup
htonl
closesocket
htons
WSACleanup
WSAIoctl

Exports

Exports

export_v1
launch_v0
launch_v1
launch_v2
launch_v3
launch_v4

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68efd1dc3558ad217efa2f3e77f53054

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

crypt32

kernel32

advapi32

shlwapi

wininet

ws2_32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 21KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 476B

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 21KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 476B