25a40dffd14c87c971c952a4ff444298

Sharing

Copy URL Twitter E-mail

General

Target

25a40dffd14c87c971c952a4ff444298
Size

395KB
MD5

25a40dffd14c87c971c952a4ff444298
SHA1

2f20dfa7f0167aae349a35bff30fcd266a273c28
SHA256

7c588317e410ce17527fd67936ab761ba875348e8853a168889b9f67ba90e3e9
SHA512

392c279e4dd753d64f65cfa39ba964388dffb86e0860750b96c95d12422a9456452a80518027a2ff5c6f7cf070903ec0a0b2927030b2d465079ac62c91fb227f
SSDEEP

6144:COVXw3XP2bb51CUF34nX/dQhNfibxe71L3H+40GgQYX4xPbBxM:1VXwHP2f5QUR+/dWo871L3F0GbYXAPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25a40dffd14c87c971c952a4ff444298

Files

25a40dffd14c87c971c952a4ff444298
.dll windows:4 windows x86 arch:x86

b83b0e92f183dd4a734293bb33eb649d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetTickCount
GetVersion
HeapLock
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
LoadLibraryA
LoadResource
LockResource
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
ReadFile
GetProcessTimes
ResetEvent
RtlUnwind
SetThreadContext
SizeofResource
TerminateProcess
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualAllocEx
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteTapemark
ClearCommError
GetProcessPriorityBoost
GetProcAddress
GetModuleHandleA
GetMailslotInfo
GetLastError
GetFullPathNameW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeLibrary
FindResourceA
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
DeleteTimerQueue
CreateThread
CreateMutexA
CreateFileA
CloseHandle
ReleaseMutex

ole32

CreateStreamOnHGlobal

msvcrt

floor
free
iswspace
malloc
qsort
sqrt
tolower
abort
_wfindfirsti64
_vsnprintf
_unlock
_stricmp
_mbctombb
_j0
_initterm
_finite
_atoi64
_amsg_exit
__dllonexit
__RTDynamicCast
__CxxLongjmpUnwind
_XcptFilter
_CxxThrowException
_CIsqrt
_CIcos
_CIasin
_CIacos

gdi32

GdiGetBatchLimit
GetObjectA
GetTextMetricsA
ExtTextOutW
SetBkMode
SetMapMode
SetTextAlign
DeleteDC
ExtTextOutA
CreateFontIndirectW
CreateFontIndirectA
CreateDIBSection
SelectObject
CreateCompatibleDC

dinput

DirectInputCreateA

advapi32

RegCloseKey
CreatePrivateObjectSecurity
CloseTrace
RegQueryValueExA

Exports

Exports

BlockPop
GetClosure
Keys
Number_AsSsize_t
Number_Subtract
get_cHRM
permit_empty_plte

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b83b0e92f183dd4a734293bb33eb649d

Headers

File Characteristics

Imports

kernel32

ole32

msvcrt

gdi32

dinput

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 69KB - Virtual size: 71KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 69KB - Virtual size: 71KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 3KB - Virtual size: 3KB