126cd80c3ba17c1324e44d931ad00e22

Sharing

Copy URL Twitter E-mail

General

Target

126cd80c3ba17c1324e44d931ad00e22
Size

195KB
MD5

126cd80c3ba17c1324e44d931ad00e22
SHA1

0597fd81d7c07c6c358f4b7ade03bc0b6776f00e
SHA256

4b0d9bb8ad13c708253734ec58c4b22c8e6b8e38c09d900aa7ccfa697c744a0f
SHA512

d6cc30f874665cd302d20f80bd59d5fe6dc9a68ab01efa77125d130a81bfc0dde310ddfbe3af99f8494560f598adcd3db6d4034e1e1e4d7e7aeabf56f55202e6
SSDEEP

3072:kwLtFWy1BgBZ7EuPO1uTMKl1ohZj2TBfRv5Cp4Dg5E++c:xBFjez2uouqh52TBJBCp4DZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
126cd80c3ba17c1324e44d931ad00e22

Files

126cd80c3ba17c1324e44d931ad00e22
.dll windows:5 windows x86 arch:x86

3e8fee85faad7c565c4f4395fb497c68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA
StrNCatA
wnsprintfA
StrToIntA
StrRChrA
StrStrIA
StrCmpNIA

kernel32

OpenMutexA
CloseHandle
GetProcAddress
GetLastError
SetEvent
WaitForSingleObject
lstrcmpiA
CreateFileMappingA
MapViewOfFile
ResetEvent
Sleep
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetComputerNameA
HeapFree
GetTickCount
GetCurrentProcessId
CreateThread
TerminateThread
CreateMutexA
ReleaseMutex
GetModuleHandleA
LocalFree
GetCurrentProcess
CreateEventA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
lstrcpynA
GetProcessHeap
LoadLibraryA
FreeLibrary
lstrlenA
WriteConsoleW
CreateFileA
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetVolumeInformationA
GetLocaleInfoW
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings

advapi32

SetNamedSecurityInfoA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey

oleaut32

VariantClear

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e8fee85faad7c565c4f4395fb497c68

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB