f5dea16ddf016590f493254c4717f94754380a3c767898a2ef0df6b19c50b7af

Sharing

Copy URL

Twitter E-mail

General

Target

f5dea16ddf016590f493254c4717f94754380a3c767898a2ef0df6b19c50b7af
Size

786KB
MD5

d68ba01bd6938145929e55bebd75f502
SHA1

78b8c5e115da2838db31f7313eee0fb3b02f3f91
SHA256

f5dea16ddf016590f493254c4717f94754380a3c767898a2ef0df6b19c50b7af
SHA512

6684e810b38aaed715ee399c423d2912be14758b90b730c50a1f849a37154c04e8f56382cbbf593aae9924a32ed485e5a5aac30cf8c626dd26ff3b22782cef86
SSDEEP

12288:xPGZgjkXi7AfTvEFL2sxpln1wyxU2mhXG5ko6GJ5+cobTKMz:xuJUUTsFLdxpl1wyxU2MXvb456br

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5dea16ddf016590f493254c4717f94754380a3c767898a2ef0df6b19c50b7af

Files

f5dea16ddf016590f493254c4717f94754380a3c767898a2ef0df6b19c50b7af
.dll windows:6 windows x86 arch:x86

Password: ciaone123

ac7967a6d372a88ff9c407ebbe368712

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetShellWindow
GetDoubleClickTime
GetForegroundWindow
GetDialogBaseUnits

kernel32

OutputDebugStringW
GetThreadUILanguage
GetLargePageMinimum
AreFileApisANSI
GetNumaHighestNodeNumber
CreateDirectoryW
SetThreadAffinityMask
GetStartupInfoW
ReadFile
GetModuleFileNameA
SizeofResource
TryEnterCriticalSection
GetOEMCP
SetThreadLocale
CompareFileTime
GlobalHandle
FindFirstFileW
CreateTimerQueueTimer
HeapCreate
GetBinaryTypeW
CompareStringW
TlsSetValue
VirtualProtect
GetConsoleScreenBufferInfo
HeapFree
SetLastError
EnterCriticalSection
VirtualFree
GetCommandLineW
GetFullPathNameW
FindNextFileW
GetCurrentProcess
lstrlenW
GetStdHandle
ReleaseSemaphore
GetCPInfo
WriteConsoleA
WriteFile
RegisterWaitForSingleObject
GetModuleHandleExW
ExpandEnvironmentStringsW
UnregisterWait
GetShortPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
DeviceIoControl
VirtualAlloc
TerminateProcess
RemoveDirectoryW
GetProcessAffinityMask
LoadLibraryExA
GetModuleFileNameW
WaitForMultipleObjects
GetConsoleCP
SetEnvironmentVariableW
SignalObjectAndWait
EncodePointer
LockFile
SetThreadPriority
InitializeCriticalSectionAndSpinCount
GetDynamicTimeZoneInformation
LeaveCriticalSection
InitializeCriticalSection
SetErrorMode
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
InitializeCriticalSectionEx
IsBadStringPtrA
FindClose
GetLocaleInfoW
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
FreeLibraryAndExitThread
GetCurrentThreadId
GetVersionExW
ReleaseMutex
GetSystemDirectoryW
GetComputerNameExW
FreeEnvironmentStringsW
ResumeThread
UnmapViewOfFile
DuplicateHandle
HeapValidate
ExitThread
GetModuleHandleA
GetACP
OpenProcess
HeapSize
GetCommandLineA
SetFileAttributesW
IsValidCodePage
GetLogicalDriveStringsW
CreateEventW
ReadConsoleOutputCharacterA
MultiByteToWideChar
GetExitCodeThread
ProcessIdToSessionId
Sleep
GetConsoleMode
GetTempPathA
FormatMessageW
GetTimeZoneInformation
GetDiskFreeSpaceA
CopyFileA
GetLastError
ChangeTimerQueueTimer
GetFileAttributesA
GetFileAttributesExW
FlushFileBuffers
FillConsoleOutputCharacterW
FlushViewOfFile
GlobalSize
CreateFileA
GetUserDefaultLCID
SetEvent
GetLogicalProcessorInformation
GetCurrentThread
InterlockedFlushSList
TerminateThread
LoadLibraryA
ReadConsoleW
WaitForSingleObjectEx
TlsAlloc
LockResource
QueryPerformanceFrequency
GetThreadPriority
DeleteFileA
GlobalAlloc
DeleteFileW
GlobalFree
HeapReAlloc
CloseHandle
RaiseException
FreeConsole
GetSystemInfo
LoadLibraryW
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
GetLocalTime
GetCurrentDirectoryW
SetStdHandle
HeapCompact
SwitchToThread
DecodePointer
HeapDestroy
UnlockFile
SetCurrentDirectoryW
GetWindowsDirectoryW
WriteConsoleW
GetProcAddress
GlobalLock
SetFilePointerEx
UnregisterWaitEx
CreateFileMappingA
LocalFree
GetTimeFormatW
MoveFileExW
LockFileEx
IsProcessorFeaturePresent
WTSGetActiveConsoleSessionId
GetFileSize
DeleteCriticalSection
ExitProcess
VerSetConditionMask
LCMapStringW
GetComputerNameW
SetEnvironmentVariableA
GetCurrentProcessId
UnhandledExceptionFilter
EnumSystemLocalesW
GetProcessHeap
SystemTimeToFileTime
CreateProcessW
IsValidLocale
GetModuleHandleW
FreeLibrary
CreateSemaphoreW
CopyFileW
FlushInstructionCache
WideCharToMultiByte
VerifyVersionInfoW
TlsGetValue
GetThreadTimes
GetTempFileNameW
GetSystemTimeAsFileTime
GetFileType
DeleteTimerQueueTimer
TlsFree
GetSystemTime
FormatMessageA
IsBadReadPtr
DebugBreak
CreateFileMappingW
InterlockedPushEntrySList
SetConsoleCursorPosition
MapViewOfFile
QueryPerformanceCounter
GetStringTypeW
GetDateFormatW
InitializeSListHead
GetTickCount
GetEnvironmentStringsW
GlobalUnlock
SetDllDirectoryW
lstrcmpW
MulDiv
MoveFileW
GetDriveTypeW
GetFileTime
InterlockedPopEntrySList
LoadLibraryExW
IsDebuggerPresent
QueryDepthSList
CreateTimerQueue
SetUnhandledExceptionFilter
GetExitCodeProcess

Exports

Exports

Throw

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: ciaone123

ac7967a6d372a88ff9c407ebbe368712

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 187KB - Virtual size: 186KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 528KB - Virtual size: 527KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 187KB - Virtual size: 186KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 528KB - Virtual size: 527KB

.reloc
Size: 13KB - Virtual size: 13KB