06141a7a3bcae119c2eb99739435dc69

Sharing

Copy URL Twitter E-mail

General

Target

06141a7a3bcae119c2eb99739435dc69
Size

6.7MB
MD5

06141a7a3bcae119c2eb99739435dc69
SHA1

e2a90fa0f6dd69017d8f968f15aae10681280936
SHA256

c43c9ba50f8593868c6fd9820faecae785926bee6501ec0cd775de5fd5440cf7
SHA512

0b54a3b7412e28d4b629752a5bc51637868846e7e03ab46117a204116b176f5253ab2fedac283efaf82e24eead559dbf9fc5bd25f7cf5ebeccb5c5923e97f78c
SSDEEP

196608:2bLJomKWgdpclBHhMwd3NKjNyZjXxSlzqgaWEp:2JkWgd+vhMcNKjNOXYlha1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06141a7a3bcae119c2eb99739435dc69

Files

06141a7a3bcae119c2eb99739435dc69
.dll windows:6 windows x86 arch:x86

de08291548695080265425a645bc10bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

mouse_event
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptEncrypt

msvcp140

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmReleaseContext

xinput9_1_0

XInputGetCapabilities

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-stdio-l1-1-0

setvbuf

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

frexp

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_mktime64

ws2_32

gethostname

crypt32

CertFreeCertificateChainEngine

wldap32

ord45

normaliz

IdnToAscii

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flux0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.flux1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de08291548695080265425a645bc10bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

d3dcompiler_47

d3d11

imm32

xinput9_1_0

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

ws2_32

crypt32

wldap32

normaliz

wtsapi32

Sections

.text Size: - Virtual size: 1017KB

.rdata Size: - Virtual size: 170KB

.data Size: - Virtual size: 994KB

.flux0 Size: - Virtual size: 4.1MB

.flux1 Size: 6.7MB - Virtual size: 6.7MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 1017KB

.rdata
Size: - Virtual size: 170KB

.data
Size: - Virtual size: 994KB

.flux0
Size: - Virtual size: 4.1MB

.flux1
Size: 6.7MB - Virtual size: 6.7MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B