0c446918d888b1b581272de46d6759e5

Sharing

Copy URL Twitter E-mail

General

Target

0c446918d888b1b581272de46d6759e5
Size

1.6MB
MD5

0c446918d888b1b581272de46d6759e5
SHA1

f791bca0275b88ac512686d6950bee69dbc67906
SHA256

184461c447f5b8e41ac725580ed57f55a24a29ab014d31cffaef1d4fcebeea30
SHA512

d314fdb6aab9cae6dde4c5c3f19957d8a5c230546cb7cc8fcf19fd06df5bb218969b1b05d904d623b1fd4f6de1c6112f56e23db20f732d84de7ed824d096a12e
SSDEEP

49152:BYW4wEJcHhV34SKFKb87JjOQzfjlOUNsnjt9FbdEK:38yrK7cQzfjJsnj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c446918d888b1b581272de46d6759e5

Files

0c446918d888b1b581272de46d6759e5
.dll windows:6 windows x64 arch:x64

6817f33f0d26c13cc88403966e771fd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteTimerQueueTimer
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
GetBinaryTypeA
FormatMessageA
CreateFileMappingA
OpenFileMappingA
LoadLibraryA
MoveFileExA
GetComputerNameA
SetComputerNameExA
FileTimeToSystemTime
SystemTimeToFileTime
CreateJobObjectA
WideCharToMultiByte
IsDBCSLeadByte
EnumCalendarInfoExW
HeapSize
Sleep
CreateMutexW
CreateMutexA
WaitForSingleObject
ReleaseMutex
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
CreatePipe
SetLastError
GetLastError
DuplicateHandle
CloseHandle
OutputDebugStringA
DebugBreak
SetFileTime
ReadFile
GetFullPathNameA
GetFileSize
GetFileAttributesExA
RemoveDirectoryW
CreateDirectoryW
WriteConsoleW
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetVersionExW
GetTickCount
GetSystemTime
CreateProcessA
GetCurrentThread
CreateThread
GetExitCodeProcess
GetOverlappedResult
GetCurrentProcess
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
RtlUnwind
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
GetACP
GetFullPathNameW
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleFileNameA
SetStdHandle
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
InitializeSListHead
GetCurrentThreadId
FindNextFileA
FindFirstFileA
FindClose
CreateFileW
CreateFileA
GetCurrentDirectoryA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId

advapi32

CredRenameA
OpenThreadToken
AccessCheck
CopySid
DuplicateToken
DuplicateTokenEx
EqualSid
GetLengthSid
BuildSecurityDescriptorA
GetNamedSecurityInfoA
CredFree
CredMarshalCredentialW
GetTokenInformation
CredEnumerateA
ConvertSidToStringSidW
QueryAllTracesW
CreateProcessAsUserA
GetFileSecurityA
MapGenericMask
InitializeSid
OpenProcessToken

shell32

SHGetFolderPathAndSubDirA
SHChangeNotify
ord2
ord4
DoEnvironmentSubstA
Shell_NotifyIconA
SHGetFolderPathA

shlwapi

PathIsDirectoryA
SHRegGetValueW
StrToIntW
PathIsFileSpecA
PathMakeSystemFolderW

imm32

ImmGetRegisterWordStyleW
ImmNotifyIME
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetGuideLineA
ImmGetCandidateListW
ImmGetCompositionStringW
ImmDestroyContext
ImmCreateContext
ImmGetIMEFileNameA
ImmInstallIMEA

urlmon

CreateURLMoniker
RegisterBindStatusCallback
RevokeBindStatusCallback
GetClassFileOrMime
IsValidURL
RegisterFormatEnumerator
FindMediaTypeClass
CoInternetParseUrl
CoInternetCompareUrl
CoInternetSetFeatureEnabled
CoInternetIsFeatureZoneElevationEnabled
ReleaseBindInfo
CreateFormatEnumerator
CopyBindInfo
CoInternetIsFeatureEnabled

winmm

mciGetErrorStringW
mciSendStringW
midiInGetID
mixerGetLineControlsA
mmioOpenW
mixerGetID
mixerClose
mixerOpen
mixerGetDevCapsW
mmioClose
midiOutGetNumDevs
midiOutGetErrorTextW
midiOutGetID
midiInGetNumDevs
mixerGetNumDevs
midiInGetErrorTextA

rpcrt4

MesBufferHandleReset
MesDecodeBufferHandleCreate
MesEncodeFixedBufferHandleCreate
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
I_RpcMapWin32Status
MesHandleFree

comctl32

ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Duplicate
ord15

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6817f33f0d26c13cc88403966e771fd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

imm32

urlmon

winmm

rpcrt4

comctl32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 21KB - Virtual size: 95KB

.pdata Size: 29KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 21KB - Virtual size: 95KB

.pdata
Size: 29KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB