d51cfaed5d116acfea044cd626c5f4fa

Sharing

Copy URL Twitter E-mail

General

Target

d51cfaed5d116acfea044cd626c5f4fa
Size

133KB
MD5

d51cfaed5d116acfea044cd626c5f4fa
SHA1

20e7449ea8a2ff12c20cd8bede9b742ee0cb3a9e
SHA256

c5da93d52f9f1a2b7618a84064d0a8ca06ad67a774be4636a3da3de777d1f1ee
SHA512

dbb431a8c40ca2bd03742ae5599512899a6bee3c18eb768ef87bd2ffae8e2e622b7b91222ea5b6359196116e5f46b7f4a459adeb0f1c46f92274d975d37c566e
SSDEEP

3072:Ovgt1wrSpGlOV98wYZkKFBcRBsQ4Kl4uT16:Ove1weGS8wYZkiWBstsJ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d51cfaed5d116acfea044cd626c5f4fa

Files

d51cfaed5d116acfea044cd626c5f4fa
.dll windows:6 windows x86 arch:x86

9139eb4f921e02f7ab6bea12a9ce0a08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord413
ImageList_LoadImageW
InitCommonControlsEx
FlatSB_GetScrollInfo
ImageList_Destroy
UninitializeFlatSB
InitializeFlatSB

kernel32

GetProcessHeap
SetEndOfFile
HeapSize
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
CloseHandle
GetVolumePathNameA
VirtualAlloc
GetProcAddress
GetLastError
WriteConsoleW
ReadFile
CreateEventA
Sleep
VirtualFree
SetEvent
LoadLibraryExW
GetFileSize
CreateFileA
ExitProcess
CreateFileW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
HeapCreate
HeapDestroy
WriteFile
GetModuleFileNameW
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
LCMapStringW
GetStringTypeW
LoadLibraryW
HeapReAlloc
GetFileAttributesA

user32

WindowFromPoint
GetDC
ReleaseDC
GetDesktopWindow
IsWindowVisible
EnumDisplayMonitors

gdi32

GetBitmapDimensionEx
FlattenPath
GetICMProfileW

comdlg32

ChooseColorW
ReplaceTextW

advapi32

SaferCloseLevel
SaferCreateLevel
LookupAccountNameA
RegQueryValueExA
DuplicateEncryptionInfoFile
SaferGetLevelInformation
GetUserNameA
RegCloseKey
BuildTrusteeWithObjectsAndSidA

Exports

Exports

ServiceMain
format_att_mnemonic
ia32_decode_insn
imm32_signsized
lookup_check_validate
x86_oplist_append

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9139eb4f921e02f7ab6bea12a9ce0a08

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 8KB