0fc54f80a7cfef4ba11e64c14754453e

Sharing

Copy URL

Twitter E-mail

General

Target

0fc54f80a7cfef4ba11e64c14754453e
Size

244KB
MD5

0fc54f80a7cfef4ba11e64c14754453e
SHA1

0bff307ef55b09bcf188e5ae657adafbe0c843a8
SHA256

54b02ec15a2616ae902fd324d87d916b2c953797535a42a64555ece367393d3e
SHA512

3b942a9392c3b54651abd84d81e36b422c5bcfa00716b0bb42fb6b83e836c1128090d9a76221d1b9be28f39867ac4d9750ea580b00ab91413d8065981c078b2d
SSDEEP

3072:YpTv8FMT5XFOyc7gVBf/PTamuScyhAB+49xs4cAWSmYxCV5LjUi6w+Y/2E3NpOku:YCcrzzLuy9e63bVYM5M7Y/2eckRM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fc54f80a7cfef4ba11e64c14754453e

Files

0fc54f80a7cfef4ba11e64c14754453e
.dll windows:4 windows x86 arch:x86

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertFindExtension
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CryptMsgControl
CertGetSubjectCertificateFromStore
CertOpenStore
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
CertGetCertificateChain
CryptMsgOpenToDecode

kernel32

GetThreadLocale
WideCharToMultiByte
lstrlenW
GetLastError
GetProcAddress
GetModuleHandleW
CloseHandle
CreateEventW
SetEvent
ResetEvent
InterlockedCompareExchange
GetCurrentThreadId
ExitProcess
DisableThreadLibraryCalls
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

PeekMessageW
KillTimer
TranslateMessage
DispatchMessageW
SetTimer
MsgWaitForMultipleObjects

ole32

CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx

oleaut32

SysAllocString
VariantChangeType
VariantCopy
SafeArrayLock
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
VariantClear
VariantInit

xprt5

xprt_strcmp
?Compare@TBstr@XPRT@@QBEHPBG@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_memmove
_XprtMemAlloc@4
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
_XprtMemFree@4
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
_XprtMemRealloc@8
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
xprt_iswdigit
?GetLength@TBstr@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
??0TPtrArray@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
??0TBstr@XPRT@@QAE@ABV01@@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@XZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicIncrement@4
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_snwprintf
strcmp
qsort
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
memcpy
_purecall
__CxxFrameHandler

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

Imports

crypt32

kernel32

user32

ole32

oleaut32

xprt5

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 152KB - Virtual size: 152KB