00f9941470194b9b902fc9c5fe233804

Sharing

Copy URL Twitter E-mail

General

Target

00f9941470194b9b902fc9c5fe233804
Size

1.7MB
MD5

00f9941470194b9b902fc9c5fe233804
SHA1

7d04438e8720e02db48327a2c1df8ccd9f1e7572
SHA256

5f6a7f3a7e1e34e7c3aaf0e99b1e6f3ebd885683e3da0016390df6baeb9a8941
SHA512

8131a1c6c95cefe683526d43ba7089f1f9f6ac3a35093a8ac53241c7061fca7860e3c7a5001f5cfa1af8f6646c41e1f23fd2674637b0624c655fef384ef3b8c3
SSDEEP

24576:lR3/dK55EIK281H2ijFi98NrwnR9vW1T/GKILEhIEaFZAeVCVmsr8tsXGPKQGB3c:lZdjXXVxiKNknR9vWhGyevNS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f9941470194b9b902fc9c5fe233804

Files

00f9941470194b9b902fc9c5fe233804
.dll windows:4 windows x86 arch:x86

516cb5cfe5724934fe66402a06662c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

userenv

FreeGPOListW
GetProfilesDirectoryW
ord152
ord141
ord142
ord127
ord175
LoadUserProfileW
LeaveCriticalPolicySection
ord135
CreateEnvironmentBlock
GetUserProfileDirectoryA
ord146
GetDefaultUserProfileDirectoryW
UnregisterGPNotification
RegisterGPNotification
EnterCriticalPolicySection

ole32

OleRegGetUserType
CoGetCallerTID
PropSysAllocString
StgSetTimes
CoMarshalInterface
OleIsRunning
PropSysFreeString
ReleaseStgMedium
CoGetObjectContext

msvcrt

__p__commode
sprintf
towupper
__setusermatherr
_fsopen
_mbsrchr
exit
_read
_CIasin
_acmdln
_CIpow
__p__environ
_ismbblead
wcstombs
calloc
__lc_collate_cp

kernel32

GetCurrentThreadId
SetLocaleInfoA
GetCurrencyFormatW
WriteProfileStringA
MulDiv
GetSystemInfo
GetConsoleAliasExesW
InterlockedDecrement
GetTempPathA
MapViewOfFileEx
GetProcessTimes
SignalObjectAndWait
GetCurrentProcessId
FindResourceW
GetVersion
HeapCreate
VirtualAlloc
GetFileAttributesW
SetHandleCount
GetModuleHandleW
GetProcessHeaps
WideCharToMultiByte
GetCommandLineW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 861KB - Virtual size: 929KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 779KB - Virtual size: 847KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

516cb5cfe5724934fe66402a06662c46

Headers

DLL Characteristics

File Characteristics

Imports

userenv

ole32

msvcrt

kernel32

Sections

.text Size: 89KB - Virtual size: 89KB

.CRT Size: 5KB - Virtual size: 72KB

.orpc Size: 861KB - Virtual size: 929KB

.data Size: 779KB - Virtual size: 847KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 89KB - Virtual size: 89KB

.CRT
Size: 5KB - Virtual size: 72KB

.orpc
Size: 861KB - Virtual size: 929KB

.data
Size: 779KB - Virtual size: 847KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB