2143b221e55e31df19f09bc2633e9283f1f42e9e941e92397ea6a3206b2c9987

Sharing

Copy URL Twitter E-mail

General

Target

2143b221e55e31df19f09bc2633e9283f1f42e9e941e92397ea6a3206b2c9987
Size

1.3MB
MD5

97e0730623700af46c184eaf8f6131bf
SHA1

bf7c5914932e3d20493671d14264c92f2f730b60
SHA256

2143b221e55e31df19f09bc2633e9283f1f42e9e941e92397ea6a3206b2c9987
SHA512

fdaae4c4ba5f51340a622259173deac67a31b2c5cfbd772ee0f9f742e0ea8973132f5281459b0ac7482a86abc6902081cf4093e4a2ce270759d9157057253fe3
SSDEEP

24576:rBQykGvJ+SxgSWlEtig55uaT4Qth6cOccmTJH58pvxPR:N7+SGxEtBjua0ZccmTh58xxZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2143b221e55e31df19f09bc2633e9283f1f42e9e941e92397ea6a3206b2c9987

Files

2143b221e55e31df19f09bc2633e9283f1f42e9e941e92397ea6a3206b2c9987
.dll windows:6 windows x64 arch:x64

6b8f1576175663c6832e9cc55b94ad7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libudf

ord13
ord14
ord15

kernel32

DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToLocalFileTime
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WriteFile
ReadFile
GetStdHandle
GetLastError
GetFileInformationByHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
OpenEventW
CloseHandle
GetCurrentProcess
GetProcessTimes
CompareFileTime
GetProcAddress
SetConsoleCtrlHandler
GetModuleHandleW
LoadLibraryW
GetConsoleMode
SetConsoleMode
FreeLibrary
GetModuleFileNameW
FormatMessageW
LocalFree
CreateDirectoryW
SetFileTime
CreateFileW
GetTempPathW
GetCurrentDirectoryW
SetLastError
MoveFileW
MultiByteToWideChar
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetLogicalDriveStringsW
FindClose
GetModuleHandleA
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
DeviceIoControl
GetDiskFreeSpaceW
FileTimeToSystemTime
GlobalMemoryStatusEx
GetSystemInfo
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
WaitForSingleObject
SetEvent
InitializeCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
DisableThreadLibraryCalls
DecodePointer
EncodePointer
IsProcessorFeaturePresent
WideCharToMultiByte
Sleep
LoadLibraryA
SetCurrentDirectoryW
IsDebuggerPresent
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA

user32

LoadStringA
CharUpperW
CharPrevExA

advapi32

GetFileSecurityW
AdjustTokenPrivileges
SetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken

oleaut32

SysAllocStringLen
SysAllocStringByteLen
VariantCopy
VariantClear
SysFreeString
SysAllocString

msvcr120

__iob_func
fwrite
realloc
_purecall
memmove
_isatty
_fileno
fputs
fflush
feof
_wfopen
fgetc
fclose
fputc
fopen
_beginthreadex
_ftelli64
_fseeki64
fread
ferror
_wmkdir
_wremove
malloc
_waccess_s
??_U@YAPEAX_K@Z
strncpy
_wstat64
_strdup
memcpy
memset
_vsnprintf
?terminate@@YAXXZ
__C_specific_handler
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
calloc
free
sprintf
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
_CxxThrowException
__CxxFrameHandler3
memcmp
??8type_info@@QEBA_NAEBV0@@Z
strcmp

msvcp120

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z

Sections

.text
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b8f1576175663c6832e9cc55b94ad7f

Headers

DLL Characteristics

File Characteristics

Imports

libudf

kernel32

user32

advapi32

oleaut32

msvcr120

msvcp120

Sections

.text Size: 1002KB - Virtual size: 1002KB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 17KB - Virtual size: 46KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1002KB - Virtual size: 1002KB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 17KB - Virtual size: 46KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB