576fe1a977525c6ad789187e7cba5d69

Sharing

Copy URL Twitter E-mail

General

Target

576fe1a977525c6ad789187e7cba5d69
Size

353KB
MD5

576fe1a977525c6ad789187e7cba5d69
SHA1

38ae8813d0974bc7106f1c67d642eddf7606466d
SHA256

404d183c4d66c54a4a4961c67498ce51bc4141034d457778fc4b7d4cd1d35561
SHA512

b0514925ae24f3b9375812886d0ed3ecd750ee1ec22ea2833330a98b2ae7f2d6d81c41645854709fec7ae4fcee562827b36c22ec1045fbef37da970006ded8c6
SSDEEP

6144:tkgFCKY49s+OK0D7uYBok7yRGR24oOkSWYD+7d6ZH8EW8HTOKstGyeXwoKnltG:tzGj6U/RgylS7M74tr4w1lt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
576fe1a977525c6ad789187e7cba5d69

Files

576fe1a977525c6ad789187e7cba5d69
.dll windows:4 windows x86 arch:x86

620ceffc9d14da1068d53a34d50854f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

BuildExplicitAccessWithNameA
CheckTokenMembership
ConvertSecurityDescriptorToStringSecurityDescriptorA
DeleteAce
AbortSystemShutdownA

kernel32

IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
SetProcessWorkingSetSize
ExitProcess
GetModuleHandleA

ole32

IsValidPtrOut
IsValidIid
IsEqualGUID
IsAccelerator
CoGetMalloc
CoFileTimeNow
CoCreateGuid

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoA
SetupGetInfFileListA
SetupGetLineByIndexW

user32

BroadcastSystemMessageW
CharPrevW
EnumDesktopsA
EnumWindowStationsA
GetCapture
GetClassNameA
IsCharAlphaA
IsDialogMessageA
OpenDesktopW
OpenWindowStationA
ReleaseCapture
SendMessageA
SystemParametersInfoA
OpenClipboard

comctl32

ImageList_SetImageCount
ImageList_GetIconSize

msvcrt

__p__fmode
exit
vswprintf
__p__commode

Exports

Exports

EeLiopaeSqfrhch
UGFetsqltHuUzXhDmq
WoeflvraalaobrHn
btcxskxopufpXdWavemr
cantkuwpdCuXtUvbaikG
dhxrkjljbwkyL
hXsGuTkkfbwi
hijdAbehjbZb
mNkquwyOyZLpjIj
mkavmdgawmwpxptzceupw
nJgdlroserVtta
paxQVcSymrife
rgacoUtpgxawdvKzcu

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

620ceffc9d14da1068d53a34d50854f1

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

setupapi

user32

comctl32

msvcrt

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 36KB

.data Size: 139KB - Virtual size: 140KB

.rdata Size: 158KB - Virtual size: 160KB

.bss Size: - Virtual size: 204KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 848B

.text
Size: 35KB - Virtual size: 36KB

.data
Size: 139KB - Virtual size: 140KB

.rdata
Size: 158KB - Virtual size: 160KB

.bss
Size: - Virtual size: 204KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 848B