8db27d2357824d1116754b7a6f92c8b3700b1a690df71dd9ab73398da768d476

Sharing

Copy URL Twitter E-mail

General

Target

8db27d2357824d1116754b7a6f92c8b3700b1a690df71dd9ab73398da768d476
Size

577KB
MD5

c988cb1676a8ba26c0e00af59be2edb0
SHA1

5cba246283cf3033342d894e1cb8ae7e40da71eb
SHA256

8db27d2357824d1116754b7a6f92c8b3700b1a690df71dd9ab73398da768d476
SHA512

87df4aad6dbd0c95953043bb8ef795aaff309a17ab5138f1209da0caee2f45dff70e74c9b4c253a04d37a3d97877413bf3dbd4bd1fbdd1639e1e7b557e76bfbc
SSDEEP

12288:leKU/R67R0wPj3J5k2IzpLMtVvdMLFo5i7drb3EdWM7omwKIw:PAi0o3J5ApLM/dMF327oLK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db27d2357824d1116754b7a6f92c8b3700b1a690df71dd9ab73398da768d476

Files

8db27d2357824d1116754b7a6f92c8b3700b1a690df71dd9ab73398da768d476
.dll windows:6 windows x86 arch:x86

431c922b846e10250546a52d414be973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
SizeofResource
MultiByteToWideChar
LockResource
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
GetCurrentProcess
HeapFree
WriteConsoleW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
FormatMessageW
GetStringTypeW
QueryPerformanceCounter
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
GetCurrentProcessId
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
CreateFileW
SetEvent
WaitForSingleObjectEx
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
DeleteFileW
GetFileType
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetStdHandle
SetEndOfFile
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

wsprintfW

shell32

ord165
SHGetSpecialFolderPathW

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

CreateProductAider

Sections

.text
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

431c922b846e10250546a52d414be973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

version

Exports

Exports

Sections

.text Size: 427KB - Virtual size: 426KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 14KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 427KB - Virtual size: 426KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 14KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 21KB - Virtual size: 21KB