04ac7987343e0cae01f337d2838c5c26272399c4361d05615c08408672049b49

Sharing

Copy URL Twitter E-mail

General

Target

04ac7987343e0cae01f337d2838c5c26272399c4361d05615c08408672049b49
Size

1.0MB
MD5

74dcbcf81feaa6d629eb22855f0ca301
SHA1

613fcb889f5b3392fc2f0b7136e3c9d539967bb3
SHA256

04ac7987343e0cae01f337d2838c5c26272399c4361d05615c08408672049b49
SHA512

40ddc6eacda4bd4ca45461ab57c9629526dff60564bf32405751d14d0526ba1bf72861f589f8a34f7ab988687fa4305d6e9de5820d5f0e8e71e629bab2d5aede
SSDEEP

12288:PYs1M52Y8OzUMWxabJXF5qLI5rmVI4s6vZqm058vP:Z25Qwbfr3O4mS8H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ac7987343e0cae01f337d2838c5c26272399c4361d05615c08408672049b49

Files

04ac7987343e0cae01f337d2838c5c26272399c4361d05615c08408672049b49
.dll windows:5 windows x86 arch:x86

6e72a3bc790debd34aa0a7b857184188

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

boundscheck

hw_sprintf_s
hw_vsprintf_s
hw2_memmove_s
hw_snprintf_s
hw2_memset_s
rx_memmove_x
rx_memcpy_x
hw2_memcpy_s
hw2_strcpy_s

rxruntim

ValueInit
ValueClear
ValueCheckType

rxcoml

RECreateInstance

kernel32

GetModuleHandleW
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
GetDriveTypeA
GetFileAttributesA
GetFileTime
MoveFileA
DeleteFileA
GetFileSize
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DecodePointer
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
HeapSize
Sleep
GetACP
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCPInfo
HeapReAlloc
RtlUnwind
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
CreateDirectoryA
CreateFileA
DeleteFileW
GetCurrentDirectoryA
CreateThread
SuspendThread
ResumeThread
ReadFile
SetEndOfFile
RaiseException
SetFilePointer
ReadConsoleW
MoveFileExW

Exports

Exports

REGetClassObject

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e72a3bc790debd34aa0a7b857184188

Headers

DLL Characteristics

File Characteristics

Imports

boundscheck

rxruntim

rxcoml

kernel32

Exports

Exports

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 232KB - Virtual size: 261KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 52KB

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 232KB - Virtual size: 261KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 52KB