74ba8aa1e0053c534406b2d3cd286fe2

Sharing

Copy URL

Twitter E-mail

General

Target

74ba8aa1e0053c534406b2d3cd286fe2
Size

1.1MB
MD5

74ba8aa1e0053c534406b2d3cd286fe2
SHA1

b3b92c765d6d07c937788d25db9574899e3b1438
SHA256

21b68f0843d41d8ac98f87ea98483da9aa8e0a9e51ed42b31c59bf4d36fbea7a
SHA512

bdf3fc4c833feadb6bf6c686a26234c6b10b27c142afa2a2662ed355644cb552805bf1639909d3aff3faa3cdcbd38a317042b13212d5710c7d4d0b92bb4d6f8a
SSDEEP

24576:20hRoX7iGWvzYVjAm8Bvoc1Wf3XQFYSypI6nrnTQxYrlS9nemf2:26SXmvUV8BQvGcpIoaglSR7f2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74ba8aa1e0053c534406b2d3cd286fe2

Files

74ba8aa1e0053c534406b2d3cd286fe2
.dll windows:6 windows x64 arch:x64

41946e19aeed05b3f3bcea99158d254c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
WaitForMultipleObjects
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeThread
ExitThread
GetCurrentThread
CreateThread
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
CloseHandle
ReadFile
GetFullPathNameA
GetFileSize
FindNextFileA
FindFirstFileA
FindClose
CreateFileW
SetCurrentDirectoryA
SetEndOfFile
HeapSize
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
RtlUnwind
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetConsoleCP
WriteFile
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
HeapAlloc
GetACP
GetModuleFileNameA
GetTimeZoneInformation
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
EncodePointer
DecodePointer
GetCPInfo
SetLastError
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent

user32

DefWindowProcW

gdi32

SwapBuffers
SetDeviceGammaRamp
GetDeviceGammaRamp
SetPixelFormat
GetDeviceCaps
DescribePixelFormat
DeleteDC
CreateDCW

comdlg32

CommDlgExtendedError
FindTextW
FindTextA
GetFileTitleW
GetFileTitleA

advapi32

LogonUserW
BuildTrusteeWithSidA
BuildSecurityDescriptorA
ConvertStringSidToSidA
SaferiIsExecutableFileType
SaferRecordEventLogEntry
SaferIdentifyLevel
SaferCloseLevel
QueryTraceW
StopTraceW
StartTraceW
LsaEnumerateAccountRights
LsaSetDomainInformationPolicy
LsaQueryDomainInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetCurrentHwProfileW
GetCurrentHwProfileA
AddAccessAllowedObjectAce
ObjectCloseAuditAlarmA
ObjectOpenAuditAlarmA
RevertToSelf
PrivilegedServiceAuditAlarmW
ObjectPrivilegeAuditAlarmW
InitializeAcl
ImpersonateLoggedOnUser
GetSidLengthRequired
DuplicateTokenEx
ConvertToAutoInheritPrivateObjectSecurity
AreAllAccessesGranted
AdjustTokenPrivileges
AddAuditAccessAceEx
OpenProcessToken

shlwapi

AssocCreate
ord280
SHRegGetUSValueW
SHRegGetPathW
UrlApplySchemeW
UrlApplySchemeA
UrlIsW
UrlIsA
UrlCanonicalizeW
PathSkipRootA
PathSetDlgItemPathW
PathSearchAndQualifyA
PathMatchSpecW
PathMakePrettyA
PathIsFileSpecW
PathGetCharTypeA
PathFindNextComponentA
PathCommonPrefixW
PathCompactPathW
ord155
StrChrW
PathRemoveFileSpecA

opengl32

glViewport
glVertexPointer
glTexSubImage2D
glTexParameteri
glTexImage2D
glTexCoordPointer
glPixelStorei
glOrtho
glMatrixMode
glLoadIdentity
glGetString
glGetIntegerv
glGenTextures
glEnableClientState
glEnable
glDrawArrays
glDisableClientState
glDeleteTextures
glColor4f
glClearColor
glClear
glBindTexture
wglShareLists
wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext

Sections

.text
Size: 937KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41946e19aeed05b3f3bcea99158d254c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shlwapi

opengl32

Sections

.text Size: 937KB - Virtual size: 936KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 23KB - Virtual size: 384KB

.pdata Size: 22KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 937KB - Virtual size: 936KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 23KB - Virtual size: 384KB

.pdata
Size: 22KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB