4595f93ed9f3f02913c25aa3e91f691548a2f767aa96fcf8b92612f24b0139d4

Sharing

Copy URL Twitter E-mail

General

Target

4595f93ed9f3f02913c25aa3e91f691548a2f767aa96fcf8b92612f24b0139d4
Size

1.5MB
MD5

78fc47dfa81e35d4e4045de34de51604
SHA1

ac0b498a0e2ed10883c6f6ab734e5aaca987395b
SHA256

4595f93ed9f3f02913c25aa3e91f691548a2f767aa96fcf8b92612f24b0139d4
SHA512

1480c27bd538d71ce99257196399b075142bc00599f79cb6411e65b3ca22c2b61ef599a132bee6fde3bd4596d791546cce0128278656bd924bc7bda4e8176ccc
SSDEEP

24576:w8/fJ+MR5IgNLYItva83qDTSh/DC7wkfBFDvHenZJVuTHU:dHR5IYYItva86fSgzDvIZJoA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4595f93ed9f3f02913c25aa3e91f691548a2f767aa96fcf8b92612f24b0139d4

Files

4595f93ed9f3f02913c25aa3e91f691548a2f767aa96fcf8b92612f24b0139d4
.dll windows:5 windows x64 arch:x64

9e98649efc73845b4a911ec3bef18c42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
CopyFileW
SetCurrentDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
Sleep
TerminateProcess
LocalFree
CreateMutexW
InitializeProcThreadAttributeList
CreateThread
WaitForSingleObject
FindResourceExW
CloseHandle
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
QueryPerformanceCounter
GetTickCount
LockResource
LoadResource
SizeofResource
GetLastError
Process32NextW
GetCurrentProcess
GetModuleHandleW
VirtualAllocEx
GetSystemInfo
GetModuleHandleA
WriteProcessMemory
VirtualFree
CreateRemoteThread
TerminateThread
GetVersionExW
ReadFile
CreateFileW
GetFileSizeEx
VirtualAlloc
LoadLibraryA
GetProcessId
IsWow64Process
Module32FirstW
Wow64SetThreadContext
Module32NextW
ResumeThread
Wow64GetThreadContext
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
FindResourceW
OpenFileMappingW
GetCurrentThreadId
ReleaseMutex
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
VirtualQuery
WideCharToMultiByte

advapi32

CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CreateProcessAsUserW
OpenProcessToken

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW
StrStrIW
StrCmpIW

iphlpapi

GetAdaptersAddresses

Exports

Exports

BtMainStart

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e98649efc73845b4a911ec3bef18c42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 25KB - Virtual size: 33KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 25KB - Virtual size: 33KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 5KB - Virtual size: 4KB