b43fbe5adf27e984234a4abff46adc22241bcb5b894ce7b518aa024a4c6556f8

Sharing

Copy URL

Twitter E-mail

General

Target

b43fbe5adf27e984234a4abff46adc22241bcb5b894ce7b518aa024a4c6556f8
Size

1.6MB
MD5

4164fa66f608eb71f038fa7ee6ece5bc
SHA1

d879704e3d4f1ddb97cde3100962dfb684458c27
SHA256

b43fbe5adf27e984234a4abff46adc22241bcb5b894ce7b518aa024a4c6556f8
SHA512

35dbc13c03cb155ad920fc82de78456cc0aa174671a7ac96953693111596be2bd30e4a0d35e2002f66ddc4e3341f90c3a2d71f35607eaca4673e6a5b6b76edb0
SSDEEP

49152:99OveWPCvIe33EJFdf31OO3h8i91IIGmEv:998eWPCQoyb1OO3h5rGt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b43fbe5adf27e984234a4abff46adc22241bcb5b894ce7b518aa024a4c6556f8

Files

b43fbe5adf27e984234a4abff46adc22241bcb5b894ce7b518aa024a4c6556f8
.dll windows:5 windows x86 arch:x86

81e6ad7a6c2386582cfe9d38f9d418ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

secur32

InitializeSecurityContextA

lz32

LZSeek
LZInit
LZClose
LZOpenFileW
LZOpenFileA

clusapi

OpenClusterResource
ClusterResourceCloseEnum
ClusterResourceOpenEnum
ClusterRegCreateKey

iphlpapi

EnableRouter
Icmp6ParseReplies
DeleteIpNetEntry

wintrust

CryptCATGetCatAttrInfo
CryptCATEnumerateCatAttr
IsCatalogFile

advapi32

GetKernelObjectSecurity
FreeSid
RegisterEventSourceA
StartServiceA
RegNotifyChangeKeyValue
RevertToSelf
GetSecurityInfo
RegRestoreKeyW
CryptDestroyHash
IsWellKnownSid
IsTokenRestricted
CreateProcessAsUserW
LockServiceDatabase
SaferGetLevelInformation
DuplicateToken
AccessCheckByType
RegEnumKeyExW
GetAce
RegEnumKeyW
AddAce
OpenServiceA
CryptGenRandom
LookupAccountSidA
DeregisterEventSource
BackupEventLogA
InitiateSystemShutdownExW
GetNamedSecurityInfoA
RegDeleteValueW

kernel32

QueryPerformanceCounter
CallNamedPipeW
SetCalendarInfoW
lstrcmpiA
SetUnhandledExceptionFilter
SetConsoleTextAttribute
SetConsoleMode
GetConsoleDisplayMode
GetExitCodeProcess
GetProfileSectionW
GlobalFindAtomA
VirtualUnlock
GetTimeFormatW
WaitForSingleObjectEx
CreateRemoteThread
ClearCommError
SetThreadExecutionState
EnumResourceTypesA
OpenSemaphoreA
DeleteVolumeMountPointW
SetInformationJobObject
GetCurrentActCtx
GetUserGeoID
GetStringTypeExW
DeactivateActCtx
GetProcessShutdownParameters
CreateWaitableTimerW
GlobalMemoryStatusEx
GetCurrentThread
FindNextFileA
ConvertDefaultLocale
lstrcmpiW
GetModuleFileNameW
LoadLibraryA
GetUserDefaultLangID
HeapLock
GetCurrentThreadId
FindFirstVolumeW
IsDBCSLeadByte
SetCommBreak
PurgeComm
WaitCommEvent
WritePrivateProfileStructA
HeapUnlock
GetComputerNameW
TransmitCommChar
GetLocaleInfoW
GetVolumePathNameW
WriteProfileSectionA
LoadLibraryExW
CreateSemaphoreW
GetCPInfo
GetModuleHandleExA
GetConsoleWindow
CopyFileW
GetPrivateProfileStringA
VerLanguageNameW
GetFileType
BuildCommDCBA
AddRefActCtx
Process32First
GetShortPathNameA
GetTempPathW
lstrcpynW

winmm

midiOutGetDevCapsA
timeSetEvent
mixerGetLineControlsW
midiStreamPause
midiOutUnprepareHeader
waveInPrepareHeader
mmioSendMessage
mixerGetDevCapsW

pdh

PdhExpandWildCardPathW

crypt32

CertCreateCertificateChainEngine
CertDuplicateStore
CryptUnregisterOIDFunction
CertAddEncodedCTLToStore
CryptVerifyCertificateSignature
CryptFindCertificateKeyProvInfo
CryptEncodeObject
CertAddCertificateContextToStore
CertFindCTLInStore

winspool.drv

SetPrinterDataW
EnumPrinterDriversW
GetPrintProcessorDirectoryW
GetPrinterDataW
DeletePrinterConnectionW

urlmon

CompatFlagsFromClsid
CoInternetParseUrl
URLOpenBlockingStreamW
CreateAsyncBindCtx
RegisterBindStatusCallback
HlinkSimpleNavigateToString

comdlg32

PageSetupDlgW

comctl32

ImageList_Remove

rpcrt4

RpcBindingSetAuthInfoExW
UuidFromStringW
I_RpcBindingToStaticStringBindingW
RpcServerUseProtseqEpExW
RpcErrorEndEnumeration
NdrConformantArrayUnmarshall
UuidEqual
RpcRevertToSelf
I_RpcReceive
NdrConvert
IUnknown_Release_Proxy

rasapi32

RasEnumConnectionsA
RasGetConnectStatusW
RasDeleteEntryW
RasGetSubEntryPropertiesA

gdi32

RealizePalette
DeleteEnhMetaFile
CreateBitmap
CreateHatchBrush
CreateDCW
CombineRgn
OffsetWindowOrgEx
GetViewportOrgEx
PlayMetaFile
GetStretchBltMode
EnumICMProfilesA
GetTextExtentPointA
OffsetRgn
CreateScalableFontResourceA
MaskBlt

imm32

ImmConfigureIMEW
ImmGetGuideLineW
ImmAssociateContext

netapi32

NetApiBufferFree
NetServerSetInfo
NetUserGetLocalGroups
NetLocalGroupGetInfo
NetApiBufferAllocate
Netbios
NetGroupSetUsers
NetShareEnumSticky
NetShareAdd
NetShareCheck

setupapi

SetupDiGetSelectedDevice
CM_Get_First_Log_Conf_Ex
SetupDiGetDriverInstallParamsW
SetupDiClassGuidsFromNameW
CM_Reenumerate_DevNode
CM_Get_Resource_Conflict_Count
SetupGetLineByIndexW
CM_Get_Next_Res_Des
SetupGetSourceInfoW
SetupInitDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupDiSetClassInstallParamsA
SetupDiGetClassInstallParamsA
CM_Reenumerate_DevNode_Ex
CM_Is_Dock_Station_Present
SetupDiEnumDeviceInterfaces
SetupGetFileCompressionInfoW
SetupDiDrawMiniIcon
SetupDiDeleteDeviceInterfaceRegKey

ntdsapi

DsMakeSpnW

ws2_32

closesocket
setsockopt
inet_ntoa
sendto
select

mscms

GetColorDirectoryW

msvcrt

wcsspn
perror
abort
iswalnum
_time64
fread

user32

DefFrameProcA
EnumWindows
RealChildWindowFromPoint
OpenClipboard
MsgWaitForMultipleObjectsEx
MapWindowPoints
LoadMenuW
GetLastActivePopup
CheckRadioButton
SetPropW
SetUserObjectInformationW
RegisterClassExA
CharLowerBuffW
IsZoomed
BlockInput
SetWindowContextHelpId
IsCharUpperW
SetProcessWindowStation
LockSetForegroundWindow
GetProcessDefaultLayout
GetUpdateRgn
EnumDesktopsW
SetTimer
CreateCaret
SetWindowPlacement
SendMessageCallbackW
CharNextExA
InflateRect
GetMessageTime
DrawIcon
ValidateRgn
SendMessageCallbackA
FillRect
EqualRect
WaitForInputIdle
IsCharAlphaNumericW
keybd_event
SetThreadDesktop
SetWindowWord
GetCapture

msacm32

acmDriverClose
acmFormatTagEnumW
acmDriverAddW

opengl32

glEvalPoint2
glMultMatrixd

mprapi

MprAdminMIBServerDisconnect
MprConfigTransportGetHandle
MprConfigGetFriendlyName
MprConfigBufferFree
MprAdminInterfaceGetInfo

esent

JetMove
JetEscrowUpdate
JetMakeKey

oleaut32

SafeArrayGetUBound
QueryPathOfRegTypeLi
VarI4FromR8
RevokeActiveObject
LHashValOfNameSys
VarR4FromI4
VarUI1FromStr
VarBstrFromCy
SafeArrayRedim
SysReAllocStringLen

wininet

UnlockUrlCacheEntryFile
InternetReadFile
InternetGetConnectedState
InternetTimeToSystemTimeW
InternetCanonicalizeUrlW
FtpFindFirstFileA

powrprof

GetActivePwrScheme

version

GetFileVersionInfoSizeA

winscard

SCardLocateCardsA
SCardListReadersW
SCardSetCardTypeProviderNameW
g_rgSCardT1Pci
SCardGetStatusChangeW

msvfw32

ICSeqCompressFrameStart
ICDraw
DrawDibBegin
ICInstall

avifil32

AVIStreamRelease
AVIStreamLength

ole32

OleCreateFromFile
CoCreateInstanceEx
OleGetIconOfFile
CoTaskMemAlloc
CoReleaseServerProcess
HGLOBAL_UserUnmarshal
StgOpenPropStg
FreePropVariantArray
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
CLIPFORMAT_UserFree
CoAllowSetForegroundWindow
OleCreateLinkFromData
OleDestroyMenuDescriptor
CoDisconnectObject
MonikerCommonPrefixWith
CoSuspendClassObjects
OleSetContainedObject
CoGetCurrentLogicalThreadId
ReadClassStm
OleCreateLink
SetConvertStg
CLIPFORMAT_UserSize
OleInitialize
CoImpersonateClient

shell32

ExtractAssociatedIconExW

shlwapi

PathSkipRootW
StrStrNIW
SHRegGetUSValueA
StrRStrIA
IntlStrEqWorkerW
SHRegDeleteUSValueW
StrChrW
StrChrIW
PathBuildRootA
PathRemoveBlanksA
PathAddExtensionW
UrlCombineW
SHRegGetValueA
StrRChrIW

Exports

Exports

EeershAfeshsels

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81e6ad7a6c2386582cfe9d38f9d418ed

Headers

File Characteristics

Imports

secur32

lz32

clusapi

iphlpapi

wintrust

advapi32

kernel32

winmm

pdh

crypt32

winspool.drv

urlmon

comdlg32

comctl32

rpcrt4

rasapi32

gdi32

imm32

netapi32

setupapi

ntdsapi

ws2_32

mscms

msvcrt

user32

msacm32

opengl32

mprapi

esent

oleaut32

wininet

powrprof

version

winscard

msvfw32

avifil32

ole32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 732KB - Virtual size: 731KB

CONST Size: 160KB - Virtual size: 156KB

CODE Size: 484KB - Virtual size: 482KB

CRT Size: 136KB - Virtual size: 135KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 732KB - Virtual size: 731KB

CONST
Size: 160KB - Virtual size: 156KB

CODE
Size: 484KB - Virtual size: 482KB

CRT
Size: 136KB - Virtual size: 135KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB