93476e38f8d4454362afc5f4762a1ce41c698b385659e09876dcf2995fe5db81

Sharing

Copy URL

Twitter E-mail

General

Target

93476e38f8d4454362afc5f4762a1ce41c698b385659e09876dcf2995fe5db81
Size

1.8MB
MD5

5a6ba927a945e87a33a67b8e03913f9b
SHA1

ecd1f825c1201fa156c17dd0865faefa5cae56d8
SHA256

93476e38f8d4454362afc5f4762a1ce41c698b385659e09876dcf2995fe5db81
SHA512

5d8cf0633741402ce7bac4076e771bc680e1963df0a17ed1714a8f2ca7fc9cdf3150c01b85e1e64512b109506af3c238db1b02f204136cc78c6c54bf4f034557
SSDEEP

49152:TxklSaw/Gp3q+D36hlxp15a5xFhe0hqrE:Tesa4SVbU+DQC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93476e38f8d4454362afc5f4762a1ce41c698b385659e09876dcf2995fe5db81

Files

93476e38f8d4454362afc5f4762a1ce41c698b385659e09876dcf2995fe5db81
.dll windows:5 windows x86 arch:x86

469196bdc0bafdb475436e9bb59be6e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA

wintrust

CryptCATAdminRemoveCatalog
CryptSIPRemoveSignedDataMsg
CryptCATHandleFromStore
CryptCATEnumerateCatAttr
CryptCATCDFEnumCatAttributes
IsCatalogFile

oleaut32

VarCyFromR4
SysStringByteLen
VarI4FromDate

secur32

QueryContextAttributesA

iphlpapi

GetIfTable
GetRTTAndHopCount

netapi32

DsGetSiteNameW
NetGroupSetUsers
NetGroupDel
NetSessionDel
NetApiBufferSize

winmm

waveInAddBuffer
mmioSendMessage
waveOutGetDevCapsW

msvcrt

putc
fgets
memset
atoi
fputwc
toupper

mscms

OpenColorProfileW

shell32

FindExecutableA
SHLoadNonloadedIconOverlayIdentifiers
DuplicateIcon

ws2_32

recv

winscard

SCardGetStatusChangeW
SCardListReaderGroupsA
SCardGetCardTypeProviderNameW
SCardReleaseContext

clusapi

GetClusterResourceNetworkName
CloseCluster

user32

InvalidateRgn
SetMenuItemInfoA
SetProcessWindowStation
LookupIconIdFromDirectory
SendMessageA
DestroyAcceleratorTable
GetUpdateRgn
IsWindow
UnregisterDeviceNotification
keybd_event
IsDialogMessageA
RealChildWindowFromPoint
ShowCursor
SendInput
BroadcastSystemMessageW
IsCharAlphaNumericW
GetDoubleClickTime
ShowWindow
GetTabbedTextExtentW
GetDlgItemTextA
AllowSetForegroundWindow
BringWindowToTop
GetWindowRgn
UpdateWindow
GetClassLongW
VkKeyScanA
GetActiveWindow
RegisterShellHookWindow
GetUpdateRect
SetRect

imm32

ImmSetCompositionFontW
ImmDisableIME

opengl32

glBegin

ntdsapi

DsFreeDomainControllerInfoW

rpcrt4

I_RpcAsyncSetHandle
NdrClearOutParameters
RpcBindingInqObject
RpcCancelThreadEx
RpcUserFree
RpcBindingInqAuthInfoExW
RpcServerUseProtseqIfW
RpcBindingFromStringBindingW
RpcMgmtEpEltInqBegin
I_RpcServerInqLocalConnAddress

kernel32

FindAtomA
Process32First
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
GetModuleFileNameA
GetBinaryTypeW
GetModuleFileNameW
LoadLibraryExW
OpenProcess
GetCurrentDirectoryA
GlobalDeleteAtom
WinExec
FindResourceExW
SetCommBreak
GetCurrencyFormatW
GetExitCodeProcess
CreateSemaphoreA
ReadConsoleW
GetNativeSystemInfo
DefineDosDeviceA
GetDefaultCommConfigW
WaitForSingleObject
SetComputerNameExW
LockFileEx
SetFileAttributesA
EncodePointer
DecodePointer
OpenSemaphoreW
GetProcessHeap
GetTapeStatus
GetCurrencyFormatA
UnhandledExceptionFilter
InterlockedPushEntrySList
VerLanguageNameW
TransactNamedPipe
HeapDestroy
PeekNamedPipe
DeactivateActCtx
InterlockedPopEntrySList

gdi32

GetPaletteEntries
SetICMMode
EnumFontFamiliesW
GetBrushOrgEx
SetTextJustification
ExtCreateRegion
GetCurrentPositionEx
FloodFill
GetBkMode
CreateCompatibleBitmap
EndDoc
OffsetViewportOrgEx
CreatePolygonRgn
StrokeAndFillPath

urlmon

IsValidURL
CoInternetParseUrl
CopyStgMedium

advapi32

CryptSetHashParam
ChangeServiceConfigA
LookupPrivilegeNameW
RegQueryValueA
OpenServiceW
RegOpenKeyW
DuplicateToken
CheckTokenMembership
LookupAccountNameA
GetServiceKeyNameA
ObjectCloseAuditAlarmA
CloseEncryptedFileRaw
RegisterServiceCtrlHandlerExW
EncryptFileW
CloseServiceHandle
RegNotifyChangeKeyValue
CryptContextAddRef

powrprof

EnumPwrSchemes
ReadGlobalPwrPolicy

msacm32

acmFormatEnumW
acmStreamSize
acmFormatTagEnumW

setupapi

SetupDiGetClassInstallParamsA
SetupDiSetClassInstallParamsW
SetupQueryInfOriginalFileInformationW
SetupGetSourceInfoA
CM_Get_First_Log_Conf
SetupCloseFileQueue
SetupGetInfInformationW
SetupDiClassNameFromGuidExA
SetupDefaultQueueCallbackW
CM_Free_Resource_Conflict_Handle
SetupDiGetClassImageList
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

crypt32

CertFindExtension
CertSetCertificateContextProperty
CryptUnregisterOIDInfo
CryptMsgGetParam

wininet

FtpOpenFileA
FindFirstUrlCacheEntryExW

msvfw32

ICSeqCompressFrame
ICCompressorChoose
ICGetDisplayFormat

mprapi

MprInfoDelete
MprConfigInterfaceSetInfo
MprAdminIsServiceRunning

winspool.drv

FindNextPrinterChangeNotification
AddPrinterConnectionW
AddPrinterW

ole32

IsAccelerator
STGMEDIUM_UserSize
CoQueryProxyBlanket
OleFlushClipboard
CLSIDFromString
CreateILockBytesOnHGlobal
HGLOBAL_UserMarshal
HBITMAP_UserSize
OleCreateEmbeddingHelper
CoMarshalHresult
StgCreateDocfileOnILockBytes
GetConvertStg
StringFromCLSID
ReadFmtUserTypeStg
CoFreeLibrary
CoGetCallContext

shlwapi

StrCpyNW
StrCmpNA
PathAppendW
StrStrNIW
PathCompactPathW
StrChrA
StrCmpIW

esent

JetRetrieveColumns
JetCloseDatabase
JetDelete

rasapi32

RasEnumDevicesW
RasGetEntryPropertiesA
RasSetEapUserDataA

lz32

LZOpenFileA
LZOpenFileW

Exports

Exports

AensvatdnhAe

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 536KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

469196bdc0bafdb475436e9bb59be6e2

Headers

File Characteristics

Imports

version

wintrust

oleaut32

secur32

iphlpapi

netapi32

winmm

msvcrt

mscms

shell32

ws2_32

winscard

clusapi

user32

imm32

opengl32

ntdsapi

rpcrt4

kernel32

gdi32

urlmon

advapi32

powrprof

msacm32

setupapi

crypt32

wininet

msvfw32

mprapi

winspool.drv

ole32

shlwapi

esent

rasapi32

lz32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 596KB - Virtual size: 592KB

.data Size: 536KB - Virtual size: 533KB

CRT Size: 496KB - Virtual size: 494KB

.CRT Size: 100KB - Virtual size: 98KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 72KB - Virtual size: 68KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 596KB - Virtual size: 592KB

.data
Size: 536KB - Virtual size: 533KB

CRT
Size: 496KB - Virtual size: 494KB

.CRT
Size: 100KB - Virtual size: 98KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 72KB - Virtual size: 68KB