5327178e7293d58c100ee78625af11dbd6153098fd489f3792b8898e07be0bdc

Sharing

Copy URL Twitter E-mail

General

Target

5327178e7293d58c100ee78625af11dbd6153098fd489f3792b8898e07be0bdc
Size

4.4MB
MD5

663e29b784b5ca4a7774d04ed8bffbbc
SHA1

c2c38435562ebcc45a33c45d20836b7bd0fdd765
SHA256

5327178e7293d58c100ee78625af11dbd6153098fd489f3792b8898e07be0bdc
SHA512

974f672dce81b72c9811915724c975724f7740d9825938462a95b069716894820b936cdf662fde4ad39bab7c340053cfadc2c338f6de72409ffe271e4f495d92
SSDEEP

49152:rRoIXTjhvLvrkST8YLOCTGF+ZhAM6cmAnTy1KR5D4dj4eC6MYB7pwKkvUTJVDCT8:UCTGFBgmA2Mynl450AY6a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5327178e7293d58c100ee78625af11dbd6153098fd489f3792b8898e07be0bdc

Files

5327178e7293d58c100ee78625af11dbd6153098fd489f3792b8898e07be0bdc
.dll windows:6 windows x64 arch:x64

13d917fc157e6bc415fd68f9115482fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
OpenProcess
GetFileSize
ReadFile
SetFilePointer
GetVersion
GetSystemInfo
GetTickCount
VirtualAlloc
VirtualFree
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceA
IsBadReadPtr
WriteFile
WaitForSingleObject
CreateProcessA
GetTempPathA
GetLastError
ReleaseSemaphore
GetSystemDirectoryA
FreeLibrary
GlobalAlloc
GlobalUnlock
LocalLock
LocalFree
CreateSemaphoreA
GetPrivateProfileStringA
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
lstrlenA
lstrcmpiA
GetVersionExA
DeviceIoControl
CloseHandle
CreateFileA
lstrcpyA
GetLocalTime
GetSystemTime
GetCurrentProcessId
lstrcatA
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
DuplicateHandle
lstrcpynA
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetLastError
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
HeapSize
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetExitCodeProcess
CreatePipe
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcessHeap
GetModuleFileNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
CompareStringW
LCMapStringW
LoadLibraryExW
HeapReAlloc
GetStringTypeW
GetFileAttributesExW
OutputDebugStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GlobalMemoryStatus
LoadLibraryW
GetVersionExW
FindFirstFileA
FindClose
LoadLibraryA
LoadLibraryExA
GetModuleHandleA
IsDebuggerPresent
GetModuleFileNameA

user32

GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
LoadCursorA
SetCursor
MessageBoxA
wsprintfA
MessageBoxW

advapi32

RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
ReportEventW

netapi32

Netbios

Exports

Exports

vKeymanGetBoxes
vKeymanGetLicenses
vKeymanGetRemoteContextBuffer
vKeymanGetRemoteContextFile
vKeymanGetSerial
vKeymanSetRemoteUpdateBuffer
vKeymanSetRemoteUpdateFile

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fuck0
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13d917fc157e6bc415fd68f9115482fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

Exports

Exports

Sections

.text Size: 406KB - Virtual size: 405KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 1.1MB - Virtual size: 1.2MB

.pdata Size: 18KB - Virtual size: 18KB

.fuck0 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 13KB - Virtual size: 13KB

.rsrc Size: 794KB - Virtual size: 793KB

.text
Size: 406KB - Virtual size: 405KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 1.1MB - Virtual size: 1.2MB

.pdata
Size: 18KB - Virtual size: 18KB

.fuck0
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 794KB - Virtual size: 793KB