42e618991bc27cd69ac698244a27d5fb

Sharing

Copy URL Twitter E-mail

General

Target

42e618991bc27cd69ac698244a27d5fb
Size

1.3MB
MD5

42e618991bc27cd69ac698244a27d5fb
SHA1

89fca8bc4efd02a80650512b42e17e7555e79ae5
SHA256

366deec7f3920bc64bf4d7f8e8d726ec1268b80c61b4703d751f2e06e940f96d
SHA512

af13572f5409788d4aa5529d312a186c336877aa0c7fc076954bdc88f49d64130fadc38c44b59d197ab1702348459bc4f65754ed477d5416d6861b0bd11224ae
SSDEEP

24576:JsuJmS2kMgkvlEP3ZIpRnbbrLOVrVxeurKc+bfH8:GLSCND0feurKhbfH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42e618991bc27cd69ac698244a27d5fb

Files

42e618991bc27cd69ac698244a27d5fb
.dll windows:6 windows x86 arch:x86

8bfbc624c92c4d093dc49c739628e602

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CreateProcessA
GetModuleHandleA
CreateFileMappingW
SetNamedPipeHandleState
CreatePipe
ClearCommBreak
GetNamedPipeHandleStateA
AreFileApisANSI
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetLastError
RequestWakeupLatency
GetCurrentProcess
SetProcessWorkingSetSize
WideCharToMultiByte
CompareStringW
GetGeoInfoA
GetUserDefaultLCID
GetConsoleCP
Process32First
CloseHandle
Thread32Next
SetLastError
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
GetStdHandle
GetProcessWorkingSetSize
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
InterlockedFlushSList
RtlUnwind
LoadLibraryExW
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
LCMapStringW
DecodePointer
HeapReAlloc
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
HeapSize
SetEndOfFile
GetShortPathNameA
GetFileType
GetProcAddress

user32

GetUserObjectInformationW
GetProcessWindowStation
DrawCaption
SendMessageA
LoadAcceleratorsW
SetMenuItemBitmaps
MessageBoxW

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
LsaCreateTrustedDomainEx
LsaSetTrustedDomainInfoByName
LsaOpenPolicy
LsaClose
ControlService
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetKernelObjectSecurity
AddAccessDeniedObjectAce
PrivilegeCheck
GetKernelObjectSecurity
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

ws2_32

closesocket
socket
WSAStartup
WSACleanup
connect
htons
recv
send
WSASetLastError
WSAGetLastError

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

Exports

Exports

dmk_xroi_map
frealloc
rbinop_mod
register_math
reprFunc

Sections

.text
Size: 966KB - Virtual size: 965KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bfbc624c92c4d093dc49c739628e602

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 966KB - Virtual size: 965KB

.rdata Size: 277KB - Virtual size: 276KB

.data Size: 13KB - Virtual size: 27KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 966KB - Virtual size: 965KB

.rdata
Size: 277KB - Virtual size: 276KB

.data
Size: 13KB - Virtual size: 27KB

.reloc
Size: 37KB - Virtual size: 37KB