f64c64c171f14e5db7e79c32c466cb2b753ec149513cf7fbefc7debf521b05a8

Sharing

Copy URL Twitter E-mail

General

Target

f64c64c171f14e5db7e79c32c466cb2b753ec149513cf7fbefc7debf521b05a8
Size

544KB
MD5

00b8d6282a5608a1745de05df94aa1ef
SHA1

398a946516026ee5a7a93e98e160962a90423e6c
SHA256

f64c64c171f14e5db7e79c32c466cb2b753ec149513cf7fbefc7debf521b05a8
SHA512

7e3836da91506e75032b390818f2e9ba10d0420daa1064e13345a961296f6d673d6a504d5a7ce674a5166ae569cf71207a00db3da8ae2148fea4857b35e60205
SSDEEP

6144:JS72Juy2l4BU0MTKe950g3BkzhMCQQIoJeqjsXpaB8Xnr/1Ce2k6SVBHUWq+9yNA:Mjl4UKGyg3Bk16QIEibdwhFESHFcBQ0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64c64c171f14e5db7e79c32c466cb2b753ec149513cf7fbefc7debf521b05a8

Files

f64c64c171f14e5db7e79c32c466cb2b753ec149513cf7fbefc7debf521b05a8
.dll regsvr32 windows:4 windows x64 arch:x64

2766fc1feaecd36bd87bb300ae3a535f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptHashData
CryptReleaseContext

kernel32

CloseHandle
CreateProcessA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
ExitThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadProcessMemory
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_stricmp
_unlock
_write
abort
atoi
calloc
exit
fopen
fputc
fputs
free
fwrite
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strerror
strlen
strncmp
strtoul
vfprintf
wcslen

psapi

GetModuleInformation

shell32

CommandLineToArgvW

user32

EnumThreadWindows

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

Exports

Exports

DllRegisterServer

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2766fc1feaecd36bd87bb300ae3a535f

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

psapi

shell32

user32

winhttp

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 512B - Virtual size: 448B

.rdata Size: 14KB - Virtual size: 14KB

.pdata Size: 10KB - Virtual size: 10KB

.xdata Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 74B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 932B

/4 Size: 512B - Virtual size: 224B

/19 Size: 87KB - Virtual size: 87KB

/31 Size: 4KB - Virtual size: 3KB

/45 Size: 6KB - Virtual size: 6KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 664B

/81 Size: 9KB - Virtual size: 8KB

/92 Size: 512B - Virtual size: 480B

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 512B - Virtual size: 448B

.rdata
Size: 14KB - Virtual size: 14KB

.pdata
Size: 10KB - Virtual size: 10KB

.xdata
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 74B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 932B

/4
Size: 512B - Virtual size: 224B

/19
Size: 87KB - Virtual size: 87KB

/31
Size: 4KB - Virtual size: 3KB

/45
Size: 6KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 664B

/81
Size: 9KB - Virtual size: 8KB

/92
Size: 512B - Virtual size: 480B