129e2c4d7bf2e07f78e863f3baf7f3b98b8f40da19bef30e36c2570b5eeec2a9

Sharing

Copy URL Twitter E-mail

General

Target

129e2c4d7bf2e07f78e863f3baf7f3b98b8f40da19bef30e36c2570b5eeec2a9
Size

2.1MB
MD5

5b82c70af5ab39afb2a7b94306bd6aa9
SHA1

f7f0e1c82ff78302b692a407ec29e65621edc211
SHA256

129e2c4d7bf2e07f78e863f3baf7f3b98b8f40da19bef30e36c2570b5eeec2a9
SHA512

a1d0f76ef0ca76d89f7cfb38afe8862941cb80ac3836b0dc97dd4186bad5db04a3c4528edf623d09802e549b351f5a995e4e3a1a061b908f9c3e76bac67b0712
SSDEEP

49152:PaSxFpq/3umvzZdkcPalgIR7g4OPR7Nr5+0k1erAf:fFpqPuqzZdX8Rng7Nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
129e2c4d7bf2e07f78e863f3baf7f3b98b8f40da19bef30e36c2570b5eeec2a9

Files

129e2c4d7bf2e07f78e863f3baf7f3b98b8f40da19bef30e36c2570b5eeec2a9
.dll windows:5 windows x86 arch:x86

6754e39783ea08df01c70d7309e22343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenA
LoadLibraryA
FindNextFileW
GetCommandLineA
OutputDebugStringW
DeleteCriticalSection
DecodePointer
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
OutputDebugStringA
GetTempPathW
WinExec
CallNamedPipeA
GetModuleFileNameW
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameA
GetCommandLineW
FindClose
FindFirstFileW
ReadFile
DeleteFileW
SwitchToThread
WriteFile
SetEndOfFile
CreateFileA
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetUserDefaultLCID
IsValidLocale
GetFullPathNameW
GetCurrentDirectoryW
GetACP
GetConsoleCP
ReadConsoleW
ExitProcess
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
FileTimeToSystemTime
LocalFree
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
GlobalMemoryStatus
GetFileSizeEx
WaitForSingleObject
GetExitCodeProcess
Sleep
CreateProcessW
OpenProcess
TerminateProcess
GetCurrentProcessId
GetDriveTypeW
GetCurrentThreadId
GetFileAttributesW
SystemTimeToFileTime
SetFileTime
CreateDirectoryW
SetLastError
FormatMessageA
SetFilePointerEx
InitializeCriticalSection
GetFileAttributesA
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
ExpandEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
FlushConsoleInputBuffer
GetSystemTime
IsDebuggerPresent
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
GetCPInfo
CompareStringW

user32

wsprintfW
GetSystemMetrics
wsprintfA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptExportKey
CryptDecrypt
CryptCreateHash
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DuplicateTokenEx
CheckTokenMembership
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptDestroyHash
CryptSignHashW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CryptEnumProvidersW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHChangeNotify
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantClear

ws2_32

select
__WSAFDIsSet
socket
WSAGetLastError
sendto
setsockopt
send
bind
closesocket
connect
getpeername
recvfrom
listen
WSASetLastError
freeaddrinfo
getaddrinfo
WSACleanup
getsockname
getsockopt
htons
ntohs
WSAIoctl
WSAStartup
ioctlsocket
gethostname
shutdown
htonl
accept
gethostbyname
getservbyname
recv

wldap32

ord208
ord46
ord14
ord216
ord145
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord219

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertOpenStore

shlwapi

PathAppendW
PathFileExistsW
PathFileExistsA
PathAddBackslashW
PathIsDirectoryW
PathRemoveBackslashW
PathFindFileNameW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW

Exports

Exports

InstallReport
InstallSelected
KillInstallFolderProcess
ReleaseObjects
SetUninstallData

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6754e39783ea08df01c70d7309e22343

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

wldap32

crypt32

shlwapi

version

iphlpapi

wtsapi32

psapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 456KB - Virtual size: 456KB

.data Size: 46KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 456KB - Virtual size: 456KB

.data
Size: 46KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 72KB - Virtual size: 72KB