595e1de154e7a8db63fec5e9bba4851a

Sharing

Copy URL Twitter E-mail

General

Target

595e1de154e7a8db63fec5e9bba4851a
Size

446KB
MD5

595e1de154e7a8db63fec5e9bba4851a
SHA1

f372ee70251ea88f21806e2f17a845713781f829
SHA256

747c588a751c6878a9c967c962752de370bed193a55fe10996ce883cd400f161
SHA512

ecac4048e81529c363634889a632fec1c1bedfc29d7357fc33f5a99d20e80bd8d47b5ea090be29cfc358c95948f413d87ad9731415a4964d9738d7e918acce17
SSDEEP

12288:KsrE0dYKVQ71Y9D/mflT/eyz3Rt9bRFp:KiE0dZV+sD/wlTWo39bP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
595e1de154e7a8db63fec5e9bba4851a

Files

595e1de154e7a8db63fec5e9bba4851a
.dll windows:5 windows x86 arch:x86

da6ddfd179e3e113f44fb89cd306145b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CancelTimerQueueTimer
CreateWaitableTimerA
DefineDosDeviceA
DeleteCriticalSection
DeleteFileA
DeleteTimerQueue
DisconnectNamedPipe
EnumCalendarInfoA
ExitProcess
FindFirstFileA
FlushInstructionCache
GetCommandLineA
GetComputerNameW
GetCurrentThread
GetDefaultCommConfigW
GetFileAttributesExW
GetFileSize
GetFileSizeEx
GetLocalTime
GetOverlappedResult
GetProcAddress
GetShortPathNameA
GetSystemDefaultLCID
GetTickCount
GetVolumeInformationW
GetWindowsDirectoryA
GlobalFindAtomA
GlobalHandle
HeapAlloc
IsBadStringPtrA
LoadResource
OpenMutexA
OpenSemaphoreA
ResumeThread
SetComputerNameA
SetCurrentDirectoryW
SetDefaultCommConfigW
SetLastError
Thread32Next
Toolhelp32ReadProcessMemory
UnlockFile
VerLanguageNameA
WaitForSingleObject
WideCharToMultiByte
WriteProfileSectionW

user32

UpdateWindow
SendMessageA
PostMessageA
wsprintfA
OemToCharW
LoadAcceleratorsW
GetCursor
EqualRect
EndDeferWindowPos
EnableWindow
DestroyCursor
CreatePopupMenu
CreateMenu
CreateIconFromResource
CreateDesktopW
CreateDesktopA
CloseWindow
CharToOemA

userenv

UnregisterGPNotification
RegisterGPNotification
FreeGPOListW
EnterCriticalPolicySection
GetProfilesDirectoryW

ntdll

RtlCreateRegistryKey
RtlCreateAndSetSD
RtlCheckRegistryKey
PfxFindPrefix
NtQueryTimerResolution
NtQueryInformationJobObject
NtQueryDefaultLocale
NtOpenTimer
NtNotifyChangeDirectoryFile
NtFlushWriteBuffer
NtFlushKey
RtlNtStatusToDosError
RtlValidateProcessHeaps
ZwFreeVirtualMemory
ZwImpersonateClientOfPort
ZwPrivilegedServiceAuditAlarm
RtlImageNtHeader

version

GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

Ggc
WuOq
eogjkyfqhjsuktjBaeh
fqcfddiejqBqexAct
gnlrnacmXi
ipx
jalvtdWi
kxphDkqnSwg
limZEbQlIAhuoovv
nqsuhjdtbc
tmkbqnjqgOikiMq
whnQtjZxXcczygjZN
xVZLgemDhkKfsgnjLkb

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da6ddfd179e3e113f44fb89cd306145b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

userenv

ntdll

version

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.data Size: 362KB - Virtual size: 671KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 362KB - Virtual size: 671KB

.rsrc
Size: 26KB - Virtual size: 26KB