9f27cf7799d1c76685e671a7cbe5a125

Sharing

Copy URL

Twitter E-mail

General

Target

9f27cf7799d1c76685e671a7cbe5a125
Size

240KB
MD5

9f27cf7799d1c76685e671a7cbe5a125
SHA1

88c63c28ca4be75da4b42e1f36c2edfb82e44a4e
SHA256

212a8c29c3cb6a6917c0f4712153e3580373672d7021e3204435c1f35f1c6873
SHA512

3b39dd4c9fe9233f51ced309f4f6f2f19db82b392a38449204364becc654c1c5aab946110ed9d7c2e6bbe15f4dbb03dd286d4a463021a28bf1920e89a4140a03
SSDEEP

3072:EPdOGtrbR4D3Q44KwevJJkaIFKg0XWQ6uYr4dRYltxOagyMt:EFlVGA44KTkaIFSXWYYlmagN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f27cf7799d1c76685e671a7cbe5a125

Files

9f27cf7799d1c76685e671a7cbe5a125
.dll windows:5 windows x64 arch:x64

12296229bf94b5de12dc83e5be9ef9de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

kernel32

Sleep
VirtualFree
VirtualAlloc
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAllocEx
VirtualAlloc
TerminateProcess
Sleep
SetUnhandledExceptionFilter
SetThreadPriority
SetPriorityClass
SetFileTime
SetFilePointer
SetFileAttributesA
SetEndOfFile
ResumeThread
ReleaseMutex
ReadFile
OpenProcess
OpenMutexA
OpenFileMappingA
MoveFileA
MapViewOfFile
LocalFree
LoadLibraryA
LoadLibraryW
InitializeCriticalSection
HeapFree
HeapAlloc
GetVolumeInformationA
GetVersionExW
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetLastError
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitThread
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
CopyFileA
CompareStringA
CloseHandle

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

advapi32

SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
AdjustTokenPrivileges
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
StartServiceW
OpenServiceA
OpenSCManagerA
OpenSCManagerW
DeleteService
CreateServiceA
ControlService
CloseServiceHandle

ntdll

RtlInitUnicodeString
ZwUnloadDriver
ZwLoadDriver

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 189KB - Virtual size: 754.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 754.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 754.5MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 754.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12296229bf94b5de12dc83e5be9ef9de

Headers

File Characteristics

Imports

oleaut32

kernel32

version

advapi32

ntdll

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 754.3MB

.data Size: 22KB - Virtual size: 754.5MB

.bss Size: - Virtual size: 754.5MB

.idata Size: 5KB - Virtual size: 754.6MB

.didata Size: 512B - Virtual size: 754.6MB

.edata Size: 512B - Virtual size: 754.6MB

.rdata Size: 512B - Virtual size: 754.6MB

.reloc Size: 6KB - Virtual size: 754.6MB

.pdata Size: 11KB - Virtual size: 754.6MB

.rsrc Size: 512B - Virtual size: 754.6MB

.text
Size: 189KB - Virtual size: 754.3MB

.data
Size: 22KB - Virtual size: 754.5MB

.bss
Size: - Virtual size: 754.5MB

.idata
Size: 5KB - Virtual size: 754.6MB

.didata
Size: 512B - Virtual size: 754.6MB

.edata
Size: 512B - Virtual size: 754.6MB

.rdata
Size: 512B - Virtual size: 754.6MB

.reloc
Size: 6KB - Virtual size: 754.6MB

.pdata
Size: 11KB - Virtual size: 754.6MB

.rsrc
Size: 512B - Virtual size: 754.6MB