072b6fb2f9fcafbd7f11b4108895ea9a

Sharing

Copy URL Twitter E-mail

General

Target

072b6fb2f9fcafbd7f11b4108895ea9a
Size

300KB
MD5

072b6fb2f9fcafbd7f11b4108895ea9a
SHA1

ebed8211fef6aa9eb302b0e6ee9db7772e37b173
SHA256

ca8b6431d559b207c8211fa436151872f8e7268a7955c179ebb3b0cf49c889da
SHA512

0d05503383c2ece213bb13abf427da925190ddcff749021d00744c63cd3a07c6a2e60080958806538425ed1a6f2df487b551faa65524c6f65689d6a8626726e2
SSDEEP

6144:h8Ijn/hWhatIyxyvFjxyqtHA7RAwx7lpghzEu1m8OtR20yrW6:h8ITIgxsaEYRb7lpghzr1m16

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072b6fb2f9fcafbd7f11b4108895ea9a

Files

072b6fb2f9fcafbd7f11b4108895ea9a
.dll windows:4 windows x86 arch:x86

153271d00a867caa7040ee8c3859d6e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
lstrlenA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
MapViewOfFileEx
GetTickCount
VirtualFree
InitializeCriticalSection
LeaveCriticalSection
ReadFile
lstrcmpiA
GetProcAddress
VirtualAlloc
EnterCriticalSection
SearchPathA
LoadLibraryA
CreateFileMappingA
LocalAlloc
GetModuleFileNameA
GetModuleHandleA
GetTempFileNameA
GetTempPathA
GetComputerNameA
GetCurrentProcess
LoadLibraryExW
SetFileAttributesA
CopyFileA
LoadLibraryW
DisableThreadLibraryCalls
VirtualAllocEx
MultiByteToWideChar
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
CloseHandle
CreateFileW
WriteFile
GetModuleHandleW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetCurrentProcessId
OutputDebugStringA
FlushInstructionCache
CreateProcessW
IsBadReadPtr
GetCurrentThread
CreateProcessA
ResumeThread
GetLastError
SetThreadContext
VirtualQuery
InterlockedCompareExchange
GetCurrentThreadId
SuspendThread
GetThreadContext
TlsGetValue
TlsSetValue
SetLastError
GetFileSize
DeleteCriticalSection
CreateFileA
OpenMutexA
VirtualProtect
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsFree
LCMapStringA
WideCharToMultiByte
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind

user32

SetWindowsHookExA
CallNextHookEx
PostMessageA
wsprintfA
UnhookWindowsHookEx

advapi32

GetUserNameA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsn0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nsn1
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

153271d00a867caa7040ee8c3859d6e7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 16KB

.nsn0 Size: 8KB - Virtual size: 5KB

.nsn1 Size: 208KB - Virtual size: 207KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 16KB

.nsn0
Size: 8KB - Virtual size: 5KB

.nsn1
Size: 208KB - Virtual size: 207KB

.reloc
Size: 4KB - Virtual size: 2KB