01871b922094f60c17a4a3c60d527088

Sharing

Copy URL Twitter E-mail

General

Target

01871b922094f60c17a4a3c60d527088
Size

304KB
MD5

01871b922094f60c17a4a3c60d527088
SHA1

c96f5c15cbfc65edcee41d8660f440460a358973
SHA256

339b46ec5abd35aadef11041ae6aee84739c360746a76e2e14260ac5e2508f7c
SHA512

8459d6978d847b2b70f9f127da4749c923531b6d5f1aff89b2cfba5b210e493cac7f1742b5c2565eff2f4ed4918a77fff26883a5d44f2b810954a5df45d82d9f
SSDEEP

3072:4miT/Dtir5aSdNu89NUq061hv8j5CAbNjMoXN3FQLibzdT6pj2jCE+c3ChPNtUHL:UT/AjNU+ujsojMAFL2hPQ90zY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01871b922094f60c17a4a3c60d527088

Files

01871b922094f60c17a4a3c60d527088
.dll windows:4 windows x86 arch:x86

40b83da2c08808887eb4997481b65d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CopySid
DeregisterEventSource
GetLengthSid
IsValidSid
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
CryptSetHashParam
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
LsaGetSystemAccessAccount
RegQueryValueExW

gdi32

GetRasterizerCaps
CreateDCW
DeleteDC
DeleteObject
EndDoc
EndPage
ExtTextOutA
GetDeviceCaps
GetObjectW
GetStockObject
GetTextExtentExPointW
PolyTextOutA
SelectObject
SetBrushOrgEx
StartDocW
TextOutW

kernel32

DisableThreadLibraryCalls
FindFirstFileA
FormatMessageW
GetProcessHeap
GetSystemTimeAsFileTime
InterlockedCompareExchange
InterlockedExchange
Sleep
lstrlenW
CloseHandle
CopyFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteFileW
EnumCalendarInfoExA
ExpandEnvironmentStringsW
FoldStringW
GetCurrentProcess
GetCurrentProcessId
GetFileSize
GetFullPathNameW
GetSystemTime
GetTempFileNameW
GetTempPathW
GetTickCount
LoadLibraryW
LocalFree
MapViewOfFile
MapViewOfFileEx
MoveFileW
MulDiv
OpenMutexW
OutputDebugStringW
ReadConsoleOutputCharacterW
ReleaseMutex
SetEndOfFile
SetEnvironmentVariableW
SetFilePointer
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WinExec
WriteFile
lstrlenA
GetLastError
HeapFree
GetTimeFormatA
GetDateFormatA
RtlUnwind
CreateProcessA
DuplicateHandle
HeapAlloc
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsDebuggerPresent
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetFileAttributesA
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CreatePipe
GetExitCodeProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
FlushFileBuffers
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA

ole32

OleGetAutoConvert
HPALETTE_UserMarshal
HICON_UserUnmarshal
HBRUSH_UserUnmarshal
HACCEL_UserUnmarshal
SNB_UserUnmarshal
OleGetClipboard
CreateDataAdviseHolder

oleaut32

SafeArrayAccessData
OleCreatePictureIndirect

shell32

ExtractIconExW
SHCreateDirectoryExA
ShellExecuteExW

Exports

Exports

Qogkmu

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40b83da2c08808887eb4997481b65d55

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 44KB - Virtual size: 53KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 44KB - Virtual size: 53KB

.reloc
Size: 12KB - Virtual size: 11KB