4b56240890aad8778f604d4bd255b8aa

Sharing

Copy URL Twitter E-mail

General

Target

4b56240890aad8778f604d4bd255b8aa
Size

191KB
MD5

4b56240890aad8778f604d4bd255b8aa
SHA1

ff4ee56ed74725991eb06e6260ba43ca98ad8dbe
SHA256

1e82022124b121d5f32e02e6178c1f564d55863d6986b9b1c6f35e10e614271b
SHA512

99ad3c38a8a2036e0c9080951682192c1748000e52cb9164bd79f880a0964ae11e776d6b6970911776188dcce01b18b13bc42c0f175fde364e996d70556bfc6e
SSDEEP

3072:zksZQY2rMn9b3RdHeRDITTduRa/iXtbFDavpKlemOAbRARMjNUT8arjXGLz4Gwp:zzZQY24RxeV64xBavf0BjNUXjyMT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b56240890aad8778f604d4bd255b8aa

Files

4b56240890aad8778f604d4bd255b8aa
.dll windows:4 windows x64 arch:x64

22f7ef10251ec997d0d90d25d7bd06be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrUnlockLoaderLock
NtQueryEvent
NtReleaseSemaphore
NtWaitForMultipleObjects
NtSetEvent
RtlVerifyVersionInfo
VerSetConditionMask
NtQueryInformationJobObject
NtQueueApcThread
_snwprintf
RtlReAllocateHeap
LdrUnloadDll
wcsncmp
LdrAddRefDll
NtSetSecurityObject
RtlSetSaclSecurityDescriptor
NtQuerySecurityObject
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
NtAdjustPrivilegesToken
RtlSubAuthorityCountSid
NtQueryInformationToken
NtDuplicateToken
NtOpenProcessToken
RtlCreateSecurityDescriptor
RtlMakeSelfRelativeSD
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateAcl
RtlSetControlSecurityDescriptor
RtlLengthSid
RtlInitializeSid
RtlEqualSid
RtlLengthRequiredSid
NtWaitForSingleObject
NtCreateThread
NtCreateSection
NtUnmapViewOfSection
NtMapViewOfSection
NtReadFile
NtOpenFile
NtFlushBuffersFile
NtCreateFile
NtUnlockFile
NtQueryDirectoryFile
NtQueryInformationFile
NtIsProcessInJob
RtlInitUnicodeString
NtSetInformationThread
NtQueryInformationThread
CsrClientCallServer
NtTerminateThread
RtlExitUserThread
RtlAllocateHeap
RtlFreeHeap
LdrLoadDll
NtResumeThread
NtSetInformationFile
wcsncpy
NtLockFile
memcmp
memset
memcpy
NtWriteFile
NtQuerySystemInformation
NtOpenProcess
NtQueryVirtualMemory
LdrLockLoaderLock
NtClearEvent
NtPulseEvent
NtDelayExecution
NtReleaseMutant
NtClose
NtQueryObject
NtDuplicateObject
RtlSubAuthoritySid
RtlQueueApcWow64Thread
NtReadVirtualMemory
RtlEqualUnicodeString
NtQueryInformationProcess
NtWriteVirtualMemory
NtTerminateProcess
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
__chkstk

kernel32

InitializeCriticalSection
GlobalFree
GetTempFileNameW
GetTempPathW
CreateFileW
DeleteAtom
FindAtomW
AddAtomW
DeleteCriticalSection
IsBadReadPtr
OpenSemaphoreW
SetErrorMode
ExitProcess
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateEventW
CreateSemaphoreW
CreateMutexW
ResumeThread
EnterCriticalSection
LeaveCriticalSection
GetTickCount

user32

TrackPopupMenu
CallNextHookEx
InsertMenuItemW
UnhookWindowsHook
PeekMessageW
CreatePopupMenu
SetWindowsHookExW
UnhookWindowsHookEx
RegisterClassW
EndMenu
DestroyMenu
MsgWaitForMultipleObjects
GetParent
GetWindow
UnregisterClassW
RegisterClassExW
SetClassLongPtrW
CreateWindowExW
DefWindowProcW
GetWindowLongPtrW
SendMessageTimeoutW
SetWindowLongPtrW
SetProcessWindowStation
GetThreadDesktop
GetProcessWindowStation
OpenDesktopW
EnumDesktopsW
EnumWindowStationsW
SetThreadDesktop
OpenWindowStationW
DestroyWindow
PostMessageW
FindWindowW
FindWindowExW
MessageBoxTimeoutW
MessageBoxIndirectW
GetForegroundWindow
GetWindowThreadProcessId
CloseWindowStation
CloseDesktop

advapi32

RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoInitializeEx
CoGetClassObject

oleaut32

SysAllocString
SysFreeString

dnsapi

DnsRecordListFree
DnsQuery_W

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpConnect
WinHttpCloseHandle
WinHttpCrackUrl

shlwapi

ord15

urlmon

ObtainUserAgentString

rpcrt4

RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcStringFreeW
RpcAsyncInitializeHandle
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcStringBindingComposeW
Ndr64AsyncClientCall

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22f7ef10251ec997d0d90d25d7bd06be

Headers

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

dnsapi

winhttp

shlwapi

urlmon

rpcrt4

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB