f4ca58754693223c7fa068b5bccd645d76cd7cc824ff42cdc8bab0b42a597fbd

Sharing

Copy URL Twitter E-mail

General

Target

f4ca58754693223c7fa068b5bccd645d76cd7cc824ff42cdc8bab0b42a597fbd
Size

90KB
MD5

2ee6e1e12eada03212f39443373fb7df
SHA1

01ff9673859f8785fac355cbacd33613194a00f8
SHA256

f4ca58754693223c7fa068b5bccd645d76cd7cc824ff42cdc8bab0b42a597fbd
SHA512

b3d6c7dcac3562b644d45c657f7ee8b6aa5b8098abb2f6536408c588770552dea58f6e3f6b0cf432b8b461e5218dcdc0cddaabc44031129b1b8574c5719854bc
SSDEEP

1536:5X9XrfXoeEPX5KVq9rvuMLaVHgBm6P7g46dSjDSWLI5:N97/VEPX58AaVHUmU7g4ASXSW85

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4ca58754693223c7fa068b5bccd645d76cd7cc824ff42cdc8bab0b42a597fbd

Files

f4ca58754693223c7fa068b5bccd645d76cd7cc824ff42cdc8bab0b42a597fbd
.dll windows:6 windows x64 arch:x64

2331851f54a5bdf2bb24bebdce9b0230

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateToolhelp32Snapshot
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
K32GetModuleInformation
Process32FirstW
Process32NextW
QueryPerformanceCounter
RemoveVectoredExceptionHandler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
WriteProcessMemory

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
memcpy
memset
wcsstr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

_stricmp
strlen

Exports

Exports

MMDB_aget_value
MMDB_lookup_string
MMDB_open
MMDB_strerror

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2331851f54a5bdf2bb24bebdce9b0230

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 10KB - Virtual size: 12KB

.pdata Size: 2KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.rsrc Size: 512B - Virtual size: 232B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 10KB - Virtual size: 12KB

.pdata
Size: 2KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 512B - Virtual size: 232B

.reloc
Size: 2KB - Virtual size: 2KB