12afb898bf770f92602dd3afe8f75309

Sharing

Copy URL

Twitter E-mail

General

Target

12afb898bf770f92602dd3afe8f75309
Size

512KB
MD5

12afb898bf770f92602dd3afe8f75309
SHA1

3ad84367bbab522a09082360b2974803c10611da
SHA256

7be47870030872b1ca25e376a512b94dfa4a7e8e4572b7c6ce01efa0f7245999
SHA512

ab89c9a13f474560f18bbc65dd19f46f62917269407ff0b3c066ca659d5985bef653c7a6367002b1492a64658bc6a8eafb1f7fd1ff8a1ffaf1514a008f356bba
SSDEEP

12288:bE0dszx+rMG5ACFfp5wBOcXSJHAa3/UqdIEqL9H:re9+YG5ACFR5wBOcCHcq3kH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12afb898bf770f92602dd3afe8f75309

Files

12afb898bf770f92602dd3afe8f75309
.dll windows:4 windows x86 arch:x86

7e4544eecfc1a5954dd8ee7df5101562

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueA

user32

CharLowerA
CharPrevA
CharNextA
GetSystemMetrics
GetWindowThreadProcessId
EnumWindows
GetClassNameA
GetWindowTextA

advapi32

SetSecurityDescriptorDacl
IsValidSid
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
GetTokenInformation
EqualSid
RegSetValueA
RegQueryValueA
FreeSid
GetUserNameA
AllocateAndInitializeSid
LookupAccountNameA
SetSecurityDescriptorOwner

shell32

SHGetSpecialFolderPathA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetTimeZoneInformation
AreFileApisANSI
Sleep
GetFileAttributesW
DeleteFileW
GetTempPathW
LockFile
LockFileEx
UnlockFile
GetFullPathNameA
GetFullPathNameW
LoadLibraryW
GetSystemTime
CreateFileW
GetWindowsDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
FlushFileBuffers
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcpyA
CloseHandle
ReadFile
PeekNamedPipe
WriteFile
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadWritePtr
RemoveDirectoryA
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
GetFileSize
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableW
GetPrivateProfileStringA
TerminateProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
CreateDirectoryA
GetTempPathA
MoveFileA
GetTickCount
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTempFileNameA
GetSystemTimeAsFileTime
GetPrivateProfileSectionA
GetACP
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
ExitProcess
SetFileAttributesA
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
GetOEMCP
GetCPInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
SetEndOfFile
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
IsBadReadPtr
IsBadCodePtr

Exports

Exports

CNNICCompatible
ChromeCompatible
DllMain
GetCookie
GoogleCompatible
RP12Compat
RP12CompatCheck
RP12CompatCheckCN
RP12InstallCheck
RemoveOldEvents
StubInstall
SuperPassEnabled
WeatherChannelCompatible

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e4544eecfc1a5954dd8ee7df5101562

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

shell32

version

kernel32

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 336KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 100KB - Virtual size: 98KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 100KB - Virtual size: 98KB

.reloc
Size: 16KB - Virtual size: 13KB