15c55b74f05b6a1eba3eca80c5127e24

Sharing

Copy URL Twitter E-mail

General

Target

15c55b74f05b6a1eba3eca80c5127e24
Size

101KB
MD5

15c55b74f05b6a1eba3eca80c5127e24
SHA1

48a3d80d761279449bb321d07c572cd7985a4fce
SHA256

21c5b50986eec1cd9b0a8b2f951e00881cc018cc1a23bd8f1c38786838fde6df
SHA512

5ecb1e4a01d4a2b383a82e32e039c33157d040ca27d22c4ffaf5566b25db034494b4d2c61f06fbfe1da78502a7390ef73324fc0c4efbf3144ec7c8ddb13e5a43
SSDEEP

1536:lZGBojjXduXbTwV89NhmoiKSHyC3Kq7zc85tFMCaoJ:lfzGS3B7I85tFM9G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c55b74f05b6a1eba3eca80c5127e24

Files

15c55b74f05b6a1eba3eca80c5127e24
.dll windows:5 windows x86 arch:x86

afee384ef45bc0a6d6baa8e65f98a75e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

wininet

InternetCrackUrlA

kernel32

GetProcessHeap
GetVolumeInformationA
GetLastError
GetTickCount
GetCurrentProcessId
CreateFileA
WaitForSingleObject
WriteFile
TerminateThread
Sleep
CreateProcessA
ReleaseMutex
HeapFree
GetTempPathA
CreateThread
GetModuleHandleA
GetCurrentProcess
LocalFree
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetComputerNameA
GetProcAddress
lstrcpynA
LoadLibraryA
FreeLibrary
lstrcmpiA
lstrlenA
GetLocaleInfoA
CloseHandle
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
SetFilePointer

advapi32

DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
GetLengthSid

oleaut32

VariantClear

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afee384ef45bc0a6d6baa8e65f98a75e

Headers

File Characteristics

Imports

shlwapi

wininet

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB