28f49a160bc3cc42c04cdafdf62e8bb4574698ccf8f0853b132c2c2e5962bd3a

Sharing

Copy URL Twitter E-mail

General

Target

28f49a160bc3cc42c04cdafdf62e8bb4574698ccf8f0853b132c2c2e5962bd3a
Size

1.6MB
MD5

4a58a5139f2c881e3d00194cc2f83ad6
SHA1

fc4cc6dc368f953d4e3fc369c931582e259c485a
SHA256

28f49a160bc3cc42c04cdafdf62e8bb4574698ccf8f0853b132c2c2e5962bd3a
SHA512

612acefb128e6617e7be1b1752e463a09e18b805b3deceed17fab69a8118324f8c720dd88ecdc3128f2e7be0750941a5cc4591e375dadb04ee6b136e8ab80de2
SSDEEP

49152:G6J7rKYp4EIApbkQSrYB3uO/6ZbjUBpF1xPy:TJvHbk9ac5u5Vy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f49a160bc3cc42c04cdafdf62e8bb4574698ccf8f0853b132c2c2e5962bd3a

Files

28f49a160bc3cc42c04cdafdf62e8bb4574698ccf8f0853b132c2c2e5962bd3a
.dll windows:5 windows x86 arch:x86

6ff5d87e3dd2d0df8f77d638e54e1f95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lz32

LZOpenFileA
LZInit

advapi32

CryptGetKeyParam
RegEnumKeyA
StartServiceCtrlDispatcherW
RegSaveKeyA
InitializeAcl
ChangeServiceConfig2W

rpcrt4

RpcServerUseProtseqA
RpcSsContextLockExclusive
RpcStringBindingComposeW
I_RpcExceptionFilter
NdrConformantStringBufferSize
RpcBindingInqAuthClientA

opengl32

glGetError
glTexImage1D

wintrust

CryptCATStoreFromHandle
CryptCATGetMemberInfo
CryptCATPutMemberInfo

kernel32

SetEvent
lstrcmpW
ReadConsoleInputW
Module32Next
QueryPerformanceCounter
EnumResourceNamesW
GetSystemPowerStatus
GetExitCodeProcess
WriteConsoleOutputAttribute
IsProcessorFeaturePresent
lstrcpyA
VirtualAlloc
LeaveCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
GetModuleFileNameW
GetBinaryTypeW
LoadLibraryExA
GetCurrentProcessId
WritePrivateProfileStringW
GetFileTime
EnterCriticalSection
lstrcpyW
WaitForSingleObject
GetSystemTimeAsFileTime

msvfw32

ICSendMessage

crypt32

CertGetCertificateContextProperty
CertCreateCertificateContext
CryptFreeOIDFunctionAddress
CertGetCTLContextProperty

ntdsapi

DsFreeNameResultW

iphlpapi

Icmp6CreateFile

gdi32

SelectClipPath
SetBkColor
CancelDC
ExtTextOutW
CloseEnhMetaFile
GetOutlineTextMetricsW
Rectangle
GetArcDirection
PlayMetaFile
GetNearestPaletteIndex

secur32

EncryptMessage

shell32

SHCreateDirectoryExW

winmm

waveOutSetPitch
waveInGetID
midiOutGetDevCapsA
mmioSendMessage

wininet

FindFirstUrlCacheEntryW
PrivacyGetZonePreferenceW
HttpEndRequestW
InternetSetCookieA
CommitUrlCacheEntryA

comctl32

ImageList_SetIconSize

clusapi

CloseClusterResource
ClusterResourceCloseEnum

oleaut32

GetErrorInfo
CreateErrorInfo
SysAllocStringLen
VarBoolFromStr
LPSAFEARRAY_UserSize
LoadTypeLibEx

setupapi

CMP_WaitNoPendingInstallEvents
SetupUninstallNewlyCopiedInfs
CM_Reenumerate_DevNode_Ex
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetClassDescriptionW
SetupPrepareQueueForRestoreW
CM_Get_Res_Des_Data_Size

shlwapi

PathCombineW
GetMenuPosFromID
StrChrIW
StrStrIW
StrChrIA

mprapi

MprAdminInterfaceDelete

user32

GetMenuItemInfoW
BroadcastSystemMessageExW
PostQuitMessage
GetActiveWindow
UpdateWindow
CloseClipboard
DragObject
CharPrevW
DrawStateW
ShowWindow
CharNextExA
LoadBitmapW
MapWindowPoints
FindWindowExA
DialogBoxIndirectParamW
GetMessageExtraInfo
DispatchMessageA
GetAsyncKeyState
GetDlgItem
CreateAcceleratorTableW
FrameRect
CharLowerA
SystemParametersInfoW
CreateWindowExA
GetUserObjectInformationW

ole32

CoSetProxyBlanket
OleGetIconOfClass
HDC_UserMarshal
OleInitialize
OleQueryLinkFromData
CLIPFORMAT_UserMarshal
CoGetCallContext

msvcrt

iswupper
malloc

winspool.drv

EnumPrintProcessorDatatypesW

urlmon

FindMimeFromData

netapi32

NetGroupGetUsers

pdh

PdhCollectQueryData
PdhEnumObjectItemsW

Exports

Exports

EeershAfeshsels

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cmQY
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ff5d87e3dd2d0df8f77d638e54e1f95

Headers

File Characteristics

Imports

lz32

advapi32

rpcrt4

opengl32

wintrust

kernel32

msvfw32

crypt32

ntdsapi

iphlpapi

gdi32

secur32

shell32

winmm

wininet

comctl32

clusapi

oleaut32

setupapi

shlwapi

mprapi

user32

ole32

msvcrt

winspool.drv

urlmon

netapi32

pdh

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 172KB - Virtual size: 172KB

CONST Size: 36KB - Virtual size: 32KB

CODE Size: 100KB - Virtual size: 99KB

CRT Size: 32KB - Virtual size: 28KB

cmQY Size: 68KB - Virtual size: 65KB

.crt0 Size: 964KB - Virtual size: 963KB

.erloc Size: 144KB - Virtual size: 142KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 172KB - Virtual size: 172KB

CONST
Size: 36KB - Virtual size: 32KB

CODE
Size: 100KB - Virtual size: 99KB

CRT
Size: 32KB - Virtual size: 28KB

cmQY
Size: 68KB - Virtual size: 65KB

.crt0
Size: 964KB - Virtual size: 963KB

.erloc
Size: 144KB - Virtual size: 142KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB