b9222e749005ecb7ce29f505b8763c75caf26356521eefa88ba35eca1ac98780

Sharing

Copy URL Twitter E-mail

General

Target

b9222e749005ecb7ce29f505b8763c75caf26356521eefa88ba35eca1ac98780
Size

1.4MB
MD5

1578bf24c0316b56e906560419fd6ee4
SHA1

bc89510e683fee379c6f5aeb4fbe4bda4a93963f
SHA256

b9222e749005ecb7ce29f505b8763c75caf26356521eefa88ba35eca1ac98780
SHA512

8e0c8729c01be453290f1bbebd304dfcd33c62add50b520de8af65c000c2a776e7d34a736a02b6aa5c5febcd070c628209e28d7271f6626cedb5ddb4c4dcdb8b
SSDEEP

24576:PNYB9Tfk78WOJ3yIIpNBuRKjQDkGpefCO0yfbJqnMG4:Pidfk7YDX6CORG4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9222e749005ecb7ce29f505b8763c75caf26356521eefa88ba35eca1ac98780

Files

b9222e749005ecb7ce29f505b8763c75caf26356521eefa88ba35eca1ac98780
.dll windows:6 windows x64 arch:x64

72fef4a9532afd0bcf2f62e3f3805142

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GetProcAddress
MultiByteToWideChar
DisableThreadLibraryCalls
GetVersionExA
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
LocalFree
FormatMessageW
WideCharToMultiByte
GetFileAttributesW
GetFileAttributesA
WritePrivateProfileStringW
lstrlenW
lstrcpynW
lstrcpyW
GetPrivateProfileStringW
GetLocaleInfoW
GetNumberFormatW
CreateFileA
GetFileTime
GetFileSize
CloseHandle
CreateFileW
lstrlenA
lstrcpynA
GlobalReAlloc
GlobalFree
lstrcatW
lstrcpyA
lstrcatA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
SizeofResource
LockResource
LoadResource
FindResourceW
OutputDebugStringW
GetVolumeInformationW
FindResourceExW
GetDriveTypeW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
CreateDirectoryW
CreateDirectoryA
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersionExW
GetUserDefaultLCID
GetTickCount
GetFullPathNameW
SetFilePointer
WriteFile
SetEndOfFile
SetFileAttributesW
_lcreat
_lwrite
_lclose
LoadLibraryW
FreeLibrary
GetVersion
lstrcmpiW
GetTempFileNameW
FreeResource
GetModuleFileNameW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetTempPathW
SystemTimeToFileTime
CompareFileTime
MoveFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetShortPathNameW
GetUserDefaultLangID
GetACP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
EncodePointer
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetCurrentThread
GetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
OutputDebugStringA
CreateThread
RtlUnwind

user32

MessageBoxW
wsprintfA
OemToCharA
CharToOemA
CharNextW
GetWindowTextW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetIconInfo
PtInRect
ScrollWindowEx
UpdateWindow
SetCursorPos
SetMenu
GetMenuItemCount
GetMenuItemID
DeleteMenu
MonitorFromWindow
CharPrevW
RegisterClipboardFormatW
SetWindowPos
DestroyIcon
GetWindow
EnumWindows
GetDlgItemTextW
SetDlgItemTextW
wsprintfW
InvalidateRect
ReleaseCapture
ClientToScreen
WaitMessage
PeekMessageW
SetCapture
ClipCursor
ScreenToClient
WindowFromPoint
GetCursorPos
GetClientRect
MonitorFromRect
IsWindow
InvalidateRgn
GetParent
ReleaseDC
SystemParametersInfoA
OffsetRect
IntersectRect
GetWindowRect
GetSystemMetrics
EndDialog
DialogBoxParamW
IsIconic
GetWindowPlacement
UnregisterClassW
LoadStringA
SetRectEmpty
SetRect
GetDC
GetWindowLongW
SetWindowLongW
EnumDisplayDevicesW
GetDesktopWindow
SetWindowPlacement
ShowWindow
EqualRect
GetClipboardData
EnumChildWindows
SendMessageW
LoadCursorW
SetCursor
GetWindowLongPtrW
LoadStringW
GetMonitorInfoW
GetSubMenu

gdi32

TranslateCharsetInfo
GetClipBox
PatBlt
CombineRgn
CreateRectRgn
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
GetDeviceCaps
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetStockObject
GetDCOrgEx

shlwapi

PathAppendW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathStripToRootA
PathAddBackslashA
PathStripToRootW
PathAddBackslashW
PathFindFileNameW
StrCmpLogicalW
PathFindExtensionW
StrCpyW
PathFileExistsW
PathAppendA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
RegEnumKeyW
RegEnumValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegSetValueExW

shell32

SHFileOperationW
ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSettings

oleaut32

SysFreeString
VariantInit
SysAllocStringByteLen
VariantTimeToSystemTime
VarDateFromStr
SysStringByteLen
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
VariantClear

Exports

Exports

IDP_CloseImage
IDP_GetImageInfo
IDP_GetPageInfo
IDP_GetPlugInInfo
IDP_Help
IDP_Init
IDP_OpenImage
IDP_OpenImageW
IDP_PageDecode
IDP_PageDecodeStart
IDP_PageDecodeStep
IDP_PageDecodeStop
IDP_ShowPlugInDialog

Sections

.text
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72fef4a9532afd0bcf2f62e3f3805142

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

version

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 732KB - Virtual size: 732KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 12KB - Virtual size: 22KB

.pdata Size: 41KB - Virtual size: 41KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 405KB - Virtual size: 405KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 732KB - Virtual size: 732KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 12KB - Virtual size: 22KB

.pdata
Size: 41KB - Virtual size: 41KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 405KB - Virtual size: 405KB

.reloc
Size: 5KB - Virtual size: 5KB