8bbcee20a86f3b3b6a9f316af699e42294cc83cd87ed81b55d2ab3da7dcd670d

Sharing

Copy URL Twitter E-mail

General

Target

8bbcee20a86f3b3b6a9f316af699e42294cc83cd87ed81b55d2ab3da7dcd670d
Size

2.1MB
MD5

7be1a0ec22e22fd9f476f4f5fbdc9d4a
SHA1

6bd3edbe10eb1e16f1f00b549f9e241e4d02dcbb
SHA256

8bbcee20a86f3b3b6a9f316af699e42294cc83cd87ed81b55d2ab3da7dcd670d
SHA512

66849a92e2cca17e1be14a97c6754170ac7b7a84cd9784e71ef0f0fd348d3e7c4c83fc500a83a1685db27aaef87d3b201ed5560f6afc222662bacbdb2bbdf80d
SSDEEP

49152:JhQKG0f0I2PtTaBtctiodNmr1hOPy7NrF+p551erAf:+0fSPhaBtSzmLn7Nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bbcee20a86f3b3b6a9f316af699e42294cc83cd87ed81b55d2ab3da7dcd670d

Files

8bbcee20a86f3b3b6a9f316af699e42294cc83cd87ed81b55d2ab3da7dcd670d
.dll windows:5 windows x86 arch:x86

034ca1cf7732d55071628d2f883d6d1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenA
LoadLibraryA
FindNextFileW
GetCommandLineA
DeleteCriticalSection
DecodePointer
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
OutputDebugStringA
GetTempPathW
WinExec
CallNamedPipeA
GetModuleFileNameW
OutputDebugStringW
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameA
GetCommandLineW
FindClose
FindFirstFileW
ReadFile
DeleteFileW
SwitchToThread
WriteFile
SetEndOfFile
CreateFileA
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetUserDefaultLCID
IsValidLocale
GetFullPathNameW
GetCurrentDirectoryW
GetACP
GetConsoleCP
ReadConsoleW
ExitProcess
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
FileTimeToSystemTime
LocalFree
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
GlobalMemoryStatus
GetFileSizeEx
WaitForSingleObject
GetExitCodeProcess
Sleep
CreateProcessW
OpenProcess
TerminateProcess
GetCurrentProcessId
GetDriveTypeW
GetCurrentThreadId
GetFileAttributesW
SystemTimeToFileTime
SetFileTime
CreateDirectoryW
SetLastError
FormatMessageA
SetFilePointerEx
InitializeCriticalSection
GetFileAttributesA
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
ExpandEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
FlushConsoleInputBuffer
GetSystemTime
IsDebuggerPresent
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
GetCPInfo
CompareStringW

user32

wsprintfW
GetSystemMetrics
wsprintfA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptExportKey
CryptDecrypt
CryptCreateHash
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DuplicateTokenEx
CheckTokenMembership
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptDestroyHash
CryptSignHashW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CryptEnumProvidersW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHChangeNotify
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantClear

ws2_32

select
__WSAFDIsSet
socket
WSAGetLastError
sendto
setsockopt
send
bind
closesocket
connect
getpeername
recvfrom
listen
WSASetLastError
freeaddrinfo
getaddrinfo
WSACleanup
getsockname
getsockopt
htons
ntohs
WSAIoctl
WSAStartup
ioctlsocket
gethostname
shutdown
htonl
accept
gethostbyname
getservbyname
recv

wldap32

ord208
ord46
ord14
ord216
ord145
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord219

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertOpenStore

shlwapi

PathAppendW
PathFileExistsW
PathFileExistsA
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
PathRemoveBackslashW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW

Exports

Exports

InstallReport
InstallSelected
KillInstallFolderProcess
ReleaseObjects
SetUninstallData

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

034ca1cf7732d55071628d2f883d6d1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

wldap32

crypt32

shlwapi

version

iphlpapi

wtsapi32

psapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 457KB - Virtual size: 456KB

.data Size: 46KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 457KB - Virtual size: 456KB

.data
Size: 46KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 72KB - Virtual size: 72KB