1122774226cff4c5e742184f15516395

Sharing

Copy URL Twitter E-mail

General

Target

1122774226cff4c5e742184f15516395
Size

836KB
MD5

1122774226cff4c5e742184f15516395
SHA1

99310b9283a2c68c1866b30c537a7a0e7cc01851
SHA256

e6cc5f2aff15f9f91fc972b7785bb78061f16f822654cef17783d7d84aa1f58f
SHA512

9c7bac437879cbd9bb053cf487643d7073b824802a97c6289a5bcb2981284ef7db295cbe7f5d7880c47196e45acc1695422a802287e777fcca8d7ef8528a56d4
SSDEEP

12288:4CZDkDHIehwRtlNg4FbiirrNEViVOA4XP3:NZDkDHIxtiirraGX4XP3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1122774226cff4c5e742184f15516395

Files

1122774226cff4c5e742184f15516395
.dll windows:4 windows x86 arch:x86

bd62068f59019921f3156f8adc4a53da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetNamedPipeHandleState
ReadFile
GetPrivateProfileStringW
GetVersionExW
GetSystemDirectoryW
CopyFileW
GetFileAttributesA
SetFileAttributesA
SetFileAttributesW
CreateFileA
MoveFileExW
SetEndOfFile
GetFileTime
SetFileTime
SetFilePointer
SetEvent
SearchPathW
GetWindowsDirectoryW
TlsSetValue
MultiByteToWideChar
GetLogicalDrives
GetLocalTime
GetTickCount
Beep
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
LockResource
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalFree
GlobalAlloc
TlsGetValue
CreateEventW
TlsAlloc
TlsFree
GetExitCodeThread
FlushFileBuffers
DisconnectNamedPipe
GetCurrentProcess
GetCurrentThread
lstrcmpW
GetLongPathNameW
VirtualProtect
Module32FirstW
Module32NextW
ReadProcessMemory
DeviceIoControl
DosDateTimeToFileTime
LocalFileTimeToFileTime
LoadLibraryA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
DuplicateHandle
GetCurrentThreadId
WriteFile
OpenProcess
TerminateProcess
CreateThread
GetTempPathW
GetTempFileNameW
CreateProcessW
WaitForSingleObject
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
GetLastError
ExpandEnvironmentStringsW
lstrcpyW
lstrcatW
FindNextFileW
CreateFileW
GetFileSize
CloseHandle
FindFirstFileW
FindClose
lstrcmpiW
lstrcpynW
GetEnvironmentVariableW
lstrlenW
GetModuleHandleW
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress

user32

PostMessageW
DialogBoxParamW
MessageBoxW
MessageBeep
ShowWindow
ExitWindowsEx
EndDialog
LoadIconW
GetWindowRect
GetSystemMetrics
SetWindowPos
SendMessageW
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
wsprintfW
SetWindowLongW
GetWindowLongW
GetClientRect
SetTimer
EnableWindow
KillTimer
GetDlgItem
FindWindowW
FindWindowExW
SetFocus

comdlg32

GetOpenFileNameW

advapi32

IsTextUnicode
EnumServicesStatusW
OpenSCManagerW
RegDeleteValueW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
LookupAccountSidW
GetTokenInformation
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
EnumServicesStatusExW
ChangeServiceConfigW
OpenServiceA
StartServiceW
CreateServiceW
ControlService
AdjustTokenPrivileges

shell32

DoEnvironmentSubstW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses

shlwapi

PathFileExistsW
StrStrIW
SHDeleteValueW
SHDeleteKeyW
SHGetValueW
SHSetValueW
PathFindExtensionW
PathFindFileNameW
StrStrIA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

inet_addr
WSAGetLastError
WSACleanup
closesocket
recv
send
connect
htons
inet_ntoa
gethostbyname
WSAStartup
socket

netapi32

NetUserGetInfo

wininet

InternetCloseHandle
InternetReadFile
HttpOpenRequestW
InternetConnectW
HttpQueryInfoW
InternetOpenW
HttpSendRequestW

msvcrt

fputws
_adjust_fdiv
_initterm
_onexit
__dllonexit
wcscspn
strrchr
_tempnam
_lseek
_close
_write
_read
_open
strstr
_strcmpi
_snprintf
sprintf
atoi
strncmp
memmove
__CxxFrameHandler
_wstat
wcscmp
wcstok
fseek
ftell
remove
fread
fwrite
fgetws
fgets
strncpy
fopen
_errno
_except_handler3
_wcsnicmp
_itow
_wtoi
_wcsupr
_wtol
wcsncat
time
_wfopen
fprintf
fclose
wcsstr
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsncpy
malloc
wcslen
free
wcsrchr
swprintf
wcsncmp
wcscpy
wcscat
_wcsicmp
wcschr

Exports

Exports

CompressSamplesToCab
DisableAutorun
FixAttrib
GetProcessList
GetSamples
GetSamplesE
GetSamplesWithWarning
GetSamplesWithXulyFile
IsNewUSBFile
LiveConnectSaveLog
LoadLiveConnect
NewCleanReg
SaveLog
SaveLogEx
SendUSBSample
SendUSBSampleEx
TroGiup

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 26.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 552KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd62068f59019921f3156f8adc4a53da

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

psapi

shlwapi

version

ws2_32

netapi32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 88KB - Virtual size: 26.3MB

.rsrc Size: 552KB - Virtual size: 548KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 88KB - Virtual size: 26.3MB

.rsrc
Size: 552KB - Virtual size: 548KB

.reloc
Size: 60KB - Virtual size: 59KB