4ec44585a7c6d94273bd3641fec62df7

Sharing

Copy URL Twitter E-mail

General

Target

4ec44585a7c6d94273bd3641fec62df7
Size

176KB
MD5

4ec44585a7c6d94273bd3641fec62df7
SHA1

513a0901277ff2bf5447757b58a05acc08fe9a15
SHA256

7c71b8dac3220343ad41e2fe2ffa3605fa367c0a5492a2fa189d2fa17b79e5ad
SHA512

e34d2c75adf729f3c2a7cb6786d8df6aca73ab6e76d2597cea1f955d369c2a0dcbaae6e38820e59a6b49f5d3d4689d22083983e58c443fd0e06a17ba7e3b9805
SSDEEP

3072:IZEQ0XWOETN8YXqn4xBEaf7JtKM/KL9pAFA3NVRkjvXN8Otnn6J7+79HhF7:f0OETN8YXFvR6MyL13NVmjP+Otnn6J7i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ec44585a7c6d94273bd3641fec62df7

Files

4ec44585a7c6d94273bd3641fec62df7
.dll windows:5 windows x86 arch:x86

43716b746339d8fa50a6b009ecb2f859

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
IsBadStringPtrA
lstrlenA
IsBadStringPtrW
lstrlenW
GetCurrentProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InterlockedIncrement
VirtualQuery
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
lstrcmpiA
lstrcpynA
InterlockedCompareExchange
InterlockedExchange
FreeLibrary
LoadLibraryW
IsBadCodePtr
lstrcpynW
ExpandEnvironmentStringsW
GetFullPathNameW
GetDriveTypeW
SearchPathW
OutputDebugStringW
DisableThreadLibraryCalls
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
RaiseException
ExitProcess
GetProcAddress
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
HeapSize
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
VirtualProtect
SetStdHandle
FlushFileBuffers
CloseHandle
GetLastError
SetLastError
GetModuleHandleA
GetVersionExW
GetVersionExA
QueryPerformanceCounter
GetSystemInfo
IsBadWritePtr
SetHandleCount
IsBadReadPtr

advapi32

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegisterTraceGuidsW

Exports

Exports

DllBidEntryPoint

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43716b746339d8fa50a6b009ecb2f859

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 90KB

.data Size: 8KB - Virtual size: 12KB

.sdbid Size: 60KB - Virtual size: 57KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 90KB

.data
Size: 8KB - Virtual size: 12KB

.sdbid
Size: 60KB - Virtual size: 57KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB