93f1aadedae7074e1ba5283ef4849d69

Sharing

Copy URL

Twitter E-mail

General

Target

93f1aadedae7074e1ba5283ef4849d69
Size

396KB
MD5

93f1aadedae7074e1ba5283ef4849d69
SHA1

5ae4e9cf38f79d3d86e6f90d0885d3beb01f5348
SHA256

52e3abe2a1c46e10d805b22603070ac8318c6c127f76d59d3bb85c38cb5c7667
SHA512

a57bb47d70465a6977467771190261be4619c30adba2938e0b0a346de5c1478ec542ca9411843a0dd69a46f53a9bb2d264c8816de0f43c22b6cd2335a3f81578
SSDEEP

12288:yFFIBSCdHo3p5CJHj9wc3gXER/TYKNvi7n:SIBSCdHo3p5C9Bwty/TYMw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93f1aadedae7074e1ba5283ef4849d69

Files

93f1aadedae7074e1ba5283ef4849d69
.dll windows:5 windows x86 arch:x86

3102658ec0acea619548e0a75e5fd300

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
LoadLibraryW
Sleep
CreateEventA
ReadFile
GetSystemDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
WriteFile
VirtualAlloc
FindClose
LoadLibraryA
FindNextFileA
CloseHandle
DeleteFileA
SetEnvironmentVariableA
CompareStringW
FormatMessageA
VirtualFree
FreeLibrary
MoveFileExA
SetFilePointer
GetFileSize
CreateFileA
GetProcAddress
ExitProcess
GetProcessHeap
SetEndOfFile
CreateFileW
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
DecodePointer
GetCurrentThreadId
GetCommandLineA
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleFileNameW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
MultiByteToWideChar
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetTimeZoneInformation
HeapReAlloc
WriteConsoleW
SetStdHandle
GetStringTypeW
RaiseException

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

ord165
SHGetFolderPathA

Exports

Exports

OptimizeSataDevicesInitialize
ServiceMain

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3102658ec0acea619548e0a75e5fd300

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 15KB - Virtual size: 16.1MB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 15KB - Virtual size: 16.1MB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 53KB - Virtual size: 53KB