2172fdc8532872295d309682c5f323d9

Sharing

Copy URL

Twitter E-mail

General

Target

2172fdc8532872295d309682c5f323d9
Size

400KB
MD5

2172fdc8532872295d309682c5f323d9
SHA1

a539b7fcb7706ade3f5a3e9b01c27ae2399fbe61
SHA256

efbdd00df327459c9db2ffc79b2408f7f3c60e8ba5f8c5ffd0debaff986863a8
SHA512

7aa5c086f027fe6a2507389b9b3f0390649e8ab4f3080c89827dfcbfbf3ede5d9df5f9b385a3596f1b7bb0a9d80b330edee7a9b88c868090f7d9ce151e862191
SSDEEP

12288:LV3KhhWj6TCPmLpGGFk7ZioaZUp6I/nS049:rj6smL+dAZE6Ig

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

2172fdc8532872295d309682c5f323d9

resource
2172fdc8532872295d309682c5f323d9

Files

2172fdc8532872295d309682c5f323d9
.dll windows:4 windows x86 arch:x86

ec6233bbd99d1fc843fa65ec2c569af4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatW
FindResourceW
LoadResource
QueryPerformanceCounter
GetModuleHandleW
OpenProcess
GetSystemDirectoryW
LoadLibraryW
Sleep
GetVersionExW
GetModuleFileNameW
CreateFileW
GetCurrentDirectoryW
GetProcAddress
VirtualProtectEx
GetCurrentThreadId
GetSystemTime
GetVolumeInformationW
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
RtlUnwind
LoadLibraryA
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
DebugBreak
WriteFile
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
GetOEMCP
GetACP
ExitProcess
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
GetLastError
GetModuleFileNameA
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection

user32

UnhookWinEvent
SetWinEventHook

ole32

OleUninitialize
OleSetContainedObject
OleInitialize

uxtheme

GetThemeBackgroundRegion
CloseThemeData
GetThemeTextExtent
OpenThemeData
DrawThemeBackground

oleacc

GetOleaccVersionInfo
AccessibleObjectFromPoint
WindowFromAccessibleObject

pdh

PdhSelectDataSourceW
PdhGetDefaultPerfObjectHW
PdhGetDefaultPerfObjectW
PdhGetFormattedCounterArrayW
PdhEnumObjectsW
PdhExpandWildCardPathW
PdhReadRawLogRecord
PdhGetCounterTimeBase
PdhBindInputDataSourceW
PdhEnumLogSetNamesW
PdhUpdateLogFileCatalog
PdhEnumObjectsHW
PdhGetCounterInfoW
PdhExpandCounterPathW
PdhConnectMachineW
PdhCloseQuery
PdhGetRawCounterArrayW
PdhGetDataSourceTimeRangeH
PdhUpdateLogW
PdhEnumMachinesW
PdhOpenLogW
PdhCollectQueryDataEx
PdhGetRawCounterValue
PdhEnumObjectItemsHW
PdhGetDefaultPerfCounterHW
PdhAddCounterW
PdhCreateSQLTablesW
PdhSetLogSetRunID
PdhOpenQueryW
PdhExpandWildCardPathHW
PdhGetFormattedCounterValue
PdhParseInstanceNameW
PdhSetQueryTimeRange
PdhRemoveCounter
PdhGetDataSourceTimeRangeW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhGetLogSetGUID
PdhFormatFromRawValue
PdhLookupPerfNameByIndexW
PdhLookupPerfIndexByNameW
PdhGetDllVersion
PdhGetLogFileSize
PdhComputeCounterStatistics
PdhBrowseCountersW
PdhEnumObjectItemsW
PdhBrowseCountersHW
PdhVerifySQLDBW
PdhGetDefaultPerfCounterW
PdhSetCounterScaleFactor
PdhParseCounterPathW
PdhValidatePathW
PdhMakeCounterPathW
PdhEnumMachinesHW
PdhSetDefaultRealTimeDataSource
PdhOpenQueryH

Exports

Exports

Broke
Necessaryearly

Sections

.text
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec6233bbd99d1fc843fa65ec2c569af4

Headers

File Characteristics

Imports

kernel32

user32

ole32

uxtheme

oleacc

pdh

Exports

Exports

Sections

.text Size: 372KB - Virtual size: 368KB

.data Size: 8KB - Virtual size: 84KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 372KB - Virtual size: 368KB

.data
Size: 8KB - Virtual size: 84KB

.reloc
Size: 16KB - Virtual size: 15KB