05d4e6efbf2a2aff6952b51e6297e398

Sharing

Copy URL

Twitter E-mail

General

Target

05d4e6efbf2a2aff6952b51e6297e398
Size

2.4MB
MD5

05d4e6efbf2a2aff6952b51e6297e398
SHA1

434a73957117e79cfb7033012b0ef324ddebe845
SHA256

b3458f5472f1f2af7b08ad8258607666cd16f94dbfdfda4d5023a9d58d714baa
SHA512

3cf5310a29a6d95b6fedc30aec234938484572aa859237662f8b343e289cd10cbc8522fd90173c95449898ff9f914d3b5421e6f7f8821387ebded7b1b076fe9d
SSDEEP

49152:0xrI46rkj8agYjgBNsKci9qlnuPvp8QeiXTqIVn5dt:04oj8/YjgsKci9Ccp8G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05d4e6efbf2a2aff6952b51e6297e398

Files

05d4e6efbf2a2aff6952b51e6297e398
.dll windows:6 windows

4d2b1d7290eeb8a0894749c840d9503b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
DisableThreadLibraryCalls
LoadLibraryW
GetFileSizeEx
CreateFileW
HeapCreate
VirtualProtect
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
CreateMutexA
ResumeThread
Sleep
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetLastError
Process32NextW
K32GetModuleFileNameExA
OpenProcess
GetModuleFileNameA
GetModuleHandleExA
Process32FirstW
Module32FirstW
CreateToolhelp32Snapshot
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleHandleW
Module32NextW
GetCurrentProcess
CloseThreadpoolTimer
CreateThread
GetCurrentProcessId
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryAndExitThread
CloseHandle
WaitForSingleObject
OpenMutexA
GetModuleHandleA
GetProcAddress
LocalFree
WideCharToMultiByte
LocalAlloc
SuspendThread
MultiByteToWideChar
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileAttributesExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
ExitThread
FormatMessageW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
RaiseException
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetThreadTimes
InitializeCriticalSection
SleepEx
ExpandEnvironmentStringsA
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
FormatMessageA
VerSetConditionMask
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
InterlockedExchangeAdd
InterlockedCompareExchange
WriteFile
GetVersion
GetModuleHandleExW
CreateFiber
DeleteFiber
SwitchToFiber
FindClose
FindFirstFileW
FindNextFileW
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTime
SystemTimeToFileTime
SetEvent
ResetEvent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind

user32

UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptReleaseContext

oleaut32

VariantClear

ws2_32

getpeername
getsockname
closesocket
bind
send
recv
WSASetLastError
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
select
getsockopt
htons
ntohs
shutdown
getnameinfo
connect
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname

wldap32

ord60
ord50
ord211
ord46
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

Exports

Exports

Install
SetRedirectUrlStatus
SetTargetUrl
SetTargetUrlCString
UnInstall

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d2b1d7290eeb8a0894749c840d9503b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

wldap32

crypt32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 557KB - Virtual size: 557KB

.data Size: 30KB - Virtual size: 48KB

SHARED Size: 1024B - Virtual size: 524B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 88KB - Virtual size: 88KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 557KB - Virtual size: 557KB

.data
Size: 30KB - Virtual size: 48KB

SHARED
Size: 1024B - Virtual size: 524B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 88KB - Virtual size: 88KB