9c43a25195c890f063d63cfcd43ac9b07c7ce6c2a103edb1b14b5d715e761c13

Sharing

Copy URL Twitter E-mail

General

Target

9c43a25195c890f063d63cfcd43ac9b07c7ce6c2a103edb1b14b5d715e761c13
Size

3.3MB
MD5

86aa7322bc68306513df6af5b3b88165
SHA1

4f5bb8b781d7e8794348c6dc50594deafa8d5d10
SHA256

9c43a25195c890f063d63cfcd43ac9b07c7ce6c2a103edb1b14b5d715e761c13
SHA512

577f8450458a57f9abeb47e1cb57c3c3b93e7d0e8799b43da9598d6f5c07bacd460a8987042e956ae5944f3c2869273f4a45ed1f84f1003a6e42b2596f9fcd6b
SSDEEP

49152:Tg6uUX+iEySM0/OlbJ4tNTqyy9bvXeGpyKmP4C1p3D8FP2Vcq6mjh+c3wJYUw:Tg6uORlbJy1+vmbAEV7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c43a25195c890f063d63cfcd43ac9b07c7ce6c2a103edb1b14b5d715e761c13

Files

9c43a25195c890f063d63cfcd43ac9b07c7ce6c2a103edb1b14b5d715e761c13
.dll windows:6 windows x86 arch:x86

040157f32120d052f025fcf29516f090

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

listen
htonl
getsockname
connect
bind
recv
select
__WSAFDIsSet
socket
htons
WSAIoctl
accept
gethostname
ioctlsocket
getpeername
setsockopt
inet_ntop
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getaddrinfo
sendto
recvfrom
freeaddrinfo

crypt32

CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CryptStringToBinaryA
PFXImportCertStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertGetIntendedKeyUsage
CertCloseStore
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext

wldap32

ord22
ord301
ord35
ord32
ord27
ord26
ord41
ord79
ord50
ord45
ord60
ord211
ord200
ord46
ord33
ord217
ord30
ord143

normaliz

IdnToAscii

kernel32

GetCurrentProcess
SwitchToThread
GetSystemInfo
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
SwitchToFiber
DeleteFiber
CreateFiber
CreateFileW
DeleteFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
LoadLibraryW
GetACP
OutputDebugStringA
GetCurrentThread
GetVersionExW
LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
SetEvent
CreateEventW
SetThreadPriority
DuplicateHandle
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GlobalUnlock
GlobalFree
MulDiv
EncodePointer
GetSystemDirectoryW
FreeResource
GlobalFindAtomW
CompareStringW
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FlushFileBuffers
Sleep
GetFullPathNameW
GetVolumeInformationW
FileTimeToSystemTime
VirtualProtect
FileTimeToLocalFileTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEndOfFile
GetFileSizeEx
FindNextFileA
GetCPInfo
FindClose
CreateFileA
SearchPathW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
SetFileAttributesW
GetFileAttributesW
FormatMessageW
SetLastError
WriteFile
GetFileType
GetEnvironmentVariableW
GetStdHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoA
CreateProcessA
PeekNamedPipe
CreatePipe
CloseHandle
ReadFile
GetEnvironmentVariableA
OutputDebugStringW
GetExitCodeThread
TryEnterCriticalSection
SetFilePointerEx
LocalFree
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetNativeSystemInfo
GetComputerNameExW
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
AreFileApisANSI
LCMapStringW
GetStringTypeW
ReleaseSemaphore
GetModuleFileNameA
SetEnvironmentVariableA
RemoveDirectoryW
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualAlloc
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx

user32

DestroyMenu
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
CharUpperW
LoadCursorW
GetSysColorBrush
GetSystemMetrics
ReleaseDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
IsDialogMessageW
SetWindowTextW
ShowWindow
MonitorFromWindow
WinHelpW
LoadIconW
UnhookWindowsHookEx
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextW
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetMonitorInfoW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SetFocus
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
EnableWindow
SetCursor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageW
PostQuitMessage
PostMessageW
GetParent
OffsetRect
SetRectEmpty
GetClientRect
SendDlgItemMessageA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
UnregisterClassW
BeginDeferWindowPos

gdi32

DeleteObject
ScaleWindowExtEx
ScaleViewportExtEx
GetObjectW
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteDC
CreateBitmap
GetDeviceCaps
SetBkColor
SetTextColor

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteW
SHGetKnownFolderPath

shlwapi

PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString

iphlpapi

GetIfTable2
GetAdaptersAddresses
FreeMibTable

bcrypt

BCryptGenRandom

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

PlugInMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

040157f32120d052f025fcf29516f090

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

iphlpapi

bcrypt

oleacc

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 675KB - Virtual size: 675KB

.data Size: 40KB - Virtual size: 65KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 118KB - Virtual size: 118KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 675KB - Virtual size: 675KB

.data
Size: 40KB - Virtual size: 65KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 118KB - Virtual size: 118KB