37f3ae2dba7e877f3d9e09b4a4043de8939072717b2b39c4027257496f51a509

Sharing

Copy URL Twitter E-mail

General

Target

37f3ae2dba7e877f3d9e09b4a4043de8939072717b2b39c4027257496f51a509
Size

328KB
MD5

2cb907d46b66861baf04aba44d1696ad
SHA1

596336c35efb3ee1e4f9c7af625b07f714eefe59
SHA256

37f3ae2dba7e877f3d9e09b4a4043de8939072717b2b39c4027257496f51a509
SHA512

6ea673560cb21c41de86e2873b22e0bf749b4ba06bc7364840ac654202fa7d0fafc10e0fba9003f0a644d83172b83352e8c27d8bf35931793909a930d226c95c
SSDEEP

6144:m8R+sBSJYiYEWoQ+dGqd4hNkLPkZ+8nko1gNLxYO+RL:m8RvSJ9YEWJ+Eqd4bkbYk2qtEL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37f3ae2dba7e877f3d9e09b4a4043de8939072717b2b39c4027257496f51a509

Files

37f3ae2dba7e877f3d9e09b4a4043de8939072717b2b39c4027257496f51a509
.dll windows:5 windows x86 arch:x86

14a204c325893724524128c92503c284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

boundscheck

hw2_memcpy_s
hw2_memset_s
hw_strncpy_s
hw2_strcpy_s

rxruntim

RoCreateInstanceNCT
ValueClear
ValueInit
ValueCheckType
RoCreateInstance

rxcoml

RECreateInstance

rxffr

fmtrec_s
fmtdetail

kernel32

InitializeCriticalSectionAndSpinCount
CreateFileW
WriteConsoleW
SetStdHandle
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
InterlockedIncrement
InterlockedDecrement
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
HeapSize
Sleep
DeleteCriticalSection
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
GetStringTypeW

Exports

Exports

REGetClassObject
RXGetClassObject

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14a204c325893724524128c92503c284

Headers

DLL Characteristics

File Characteristics

Imports

boundscheck

rxruntim

rxcoml

rxffr

kernel32

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB