3a6e4dd5950b2694f302af8aacc04505

Sharing

Copy URL Twitter E-mail

General

Target

3a6e4dd5950b2694f302af8aacc04505
Size

490KB
MD5

3a6e4dd5950b2694f302af8aacc04505
SHA1

439ca93773fff5e21f142344ad58ec82be7ff300
SHA256

5c6583bd77bdbf2b988892597a6e34f45f2b2ef553b4f1897d96d805119d8008
SHA512

920732d021457633f2ea178c09c55dc368b039f9e92e5a4f45801467127e8fbd8dec5322ece1fc1d2aeaed9604ab8f35bda9c31c2b2bb603fd20110e599273b3
SSDEEP

12288:HQxILylJmL2BPb/b0HELx1H99vHHeE+EE1o45StxcoLO8E/0UqB7Vkkl:HQuyXmLY7gaH7+EE1o487coLOD8l7Vtl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a6e4dd5950b2694f302af8aacc04505

Files

3a6e4dd5950b2694f302af8aacc04505
.dll windows:6 windows x86 arch:x86

a5c5563698b993afe12710b24c3876fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
SetStdHandle
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapSize
WriteFile
GetConsoleCP
GetConsoleMode
GetACP
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleHandleExW
CloseHandle
HeapReAlloc
HeapFree
HeapAlloc
LoadLibraryExW
FreeLibrary
GetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
DeleteCriticalSection
VirtualProtect
CreateFileW
FlushFileBuffers
GetModuleHandleW
CreateProcessW
LocalFree
GetWindowsDirectoryW
GetCurrentDirectoryW
CreateThread
LoadLibraryW
FindFirstChangeNotificationW
GetSystemDirectoryW
LocalAlloc
WaitForSingleObject
GetModuleFileNameW
ExitProcess
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW

user32

InflateRect
GetWindowLongW
PostMessageW
DefWindowProcW
DestroyMenu
GetDlgCtrlID
LockWindowUpdate
EnumWindows
GetMenuItemInfoW
ExitWindowsEx
EndDeferWindowPos
InvalidateRect
MapWindowPoints
DrawTextW
GetClassInfoExW
RemoveMenu
CallNextHookEx
ReleaseDC
ValidateRect
CreateDialogIndirectParamW
IntersectRect
KillTimer
BeginPaint
GetSystemMenu
GetSystemMetrics
GetMessageTime

gdi32

RectVisible
CreatePatternBrush
TextOutW
SetViewportOrgEx
CreateSolidBrush
GetBkColor

ole32

StgCreateDocfile
CoSuspendClassObjects
OleInitialize
CoUninitialize
OleCreate
OleSetContainedObject
CoInitialize
OleUninitialize

ws2_32

inet_ntoa
WSACleanup
select
ntohl
listen
getprotobynumber
WSAStartup
inet_addr
ioctlsocket
recv
getservbyname
setsockopt
socket
send
getservbyport

wininet

HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
InternetQueryDataAvailable
InternetReadFile
HttpEndRequestW
InternetAttemptConnect
InternetConnectW
InternetSetOptionW
HttpSendRequestExW
InternetSetCookieW
InternetWriteFile
HttpSendRequestW
InternetCloseHandle
InternetCrackUrlW
HttpOpenRequestW

winspool.drv

DocumentPropertiesW
GetPrinterDataW
AddPrinterConnectionW
OpenPrinterW
ClosePrinter

dciman32

WinWatchClose
DCIOpenProvider
GetDCRegionData
DCISetDestination
DCICloseProvider
DCICreateOverlay
GetWindowRegionData
DCIEndAccess
WinWatchDidStatusChange
DCICreatePrimary
DCISetSrcDestClip
DCIDestroy
DCIDraw
DCISetClipList
DCIEnum
DCIBeginAccess
DCICreateOffscreen

Exports

Exports

Drivethere
Fiveeye
Keytwenty
ScaleUnit
Substanceglad
Thirdround
Train

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5c5563698b993afe12710b24c3876fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

ws2_32

wininet

winspool.drv

dciman32

Exports

Exports

Sections

.text Size: 291KB - Virtual size: 290KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 3KB - Virtual size: 87KB

.gfids Size: 512B - Virtual size: 512B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 291KB - Virtual size: 290KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 3KB - Virtual size: 87KB

.gfids
Size: 512B - Virtual size: 512B

.reloc
Size: 9KB - Virtual size: 9KB