18ceb866a5441d68f99d4bbbc6bb2e83

Sharing

Copy URL

Twitter E-mail

General

Target

18ceb866a5441d68f99d4bbbc6bb2e83
Size

312KB
MD5

18ceb866a5441d68f99d4bbbc6bb2e83
SHA1

425015a045301aa56d78357c76509cd07a399052
SHA256

56d44fc433217043d9640a7a48ddc79caec9d3606de4d13098c708e8228918bd
SHA512

bb8769cdead9f1246e1a453a770b8e056efbe68606ad16a1a6f43e489b57841689d66ae1a2f8d4a3f21a1564be82de7699f8f28c645fbf2ef62b0af8987843b7
SSDEEP

6144:nmf6+Wb2lIcWzdqKfhMtO4F0F/ih0A77ge3LojhqoqEfGaVVw6WzTZ:fQIc2dqKfhM446F20A7ke3LeVfGcVwBt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18ceb866a5441d68f99d4bbbc6bb2e83

Files

18ceb866a5441d68f99d4bbbc6bb2e83
.dll windows:4 windows x86 arch:x86

e2989c1cdc37b7ffb2beafe55bebfad9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
lstrcpyA
GlobalFree
GlobalLock
InitializeCriticalSection
DeleteCriticalSection
FlushFileBuffers
SetStdHandle
LoadLibraryA
SetFilePointer
GetLastError
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
GetFileType
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetModuleHandleA
GetProcAddress
GetCommandLineA
HeapFree
HeapAlloc
CloseHandle

ole32

StgCreateDocfile
StgOpenStorage
CoTaskMemFree

ltkrn13n

ord110
ord111
ord310
ord282
ord196
ord283

lffpx7

ord49
ord57
ord55
ord58
ord56
ord54
ord50
ord47
ord53
ord23
ord20
ord36
ord126
ord33
ord31
ord29
ord17
ord60
ord62
ord64
ord66
ord68
ord70
ord72
ord74
ord76
ord140
ord141
ord59
ord61
ord63
ord65
ord67
ord69
ord71
ord73
ord75
ord77
ord2
ord10
ord5
ord7
ord3
ord51

Exports

Exports

DllMain
fltDeletePage
fltEnumDimensions
fltGetComment
fltGetDimension
fltGetStamp
fltGetTransforms
fltInfo
fltLoad
fltSave
fltSetComment
fltSetStamp
fltSetTransforms
fltSizeComment

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2989c1cdc37b7ffb2beafe55bebfad9

Headers

File Characteristics

Imports

kernel32

ole32

ltkrn13n

lffpx7

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 11KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text Size: 229KB - Virtual size: 232KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 11KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 229KB - Virtual size: 232KB