21abeaa96971053d75794fb31253d3b6

Sharing

Copy URL Twitter E-mail

General

Target

21abeaa96971053d75794fb31253d3b6
Size

1.1MB
MD5

21abeaa96971053d75794fb31253d3b6
SHA1

d7f1e038363813241bb39c684378ed74273eec07
SHA256

9993df053f31426a1403c7759d3c4a54e1edb48b7badfd3eee2be78dcc022023
SHA512

597c05378124262193f1f7409c90978c6cc31f13d14b3c2c375b60d72d29fe7090e4b35a7798a79921cc29f319e53527b468a5aeceef6b3a4c42cc9e21dcdcf4
SSDEEP

24576:0KnNk+/CcKErugDdNTUBdtrHG6elZF3h2TTTy3D3:0Knyc9ruAdNT8dVq/2Tvy3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21abeaa96971053d75794fb31253d3b6

Files

21abeaa96971053d75794fb31253d3b6
.dll windows:6 windows x64 arch:x64

3ef8bc3e8878b61fb9f81ce8283e8435

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
GetLastError
OutputDebugStringW
TerminateProcess
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GlobalDeleteAtom
GlobalAddAtomW
GlobalFree
GlobalAlloc
WriteConsoleW
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
LCMapStringW
FormatMessageW
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
CloseHandle
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
GetCPInfo
ExitProcess
GetModuleHandleExW
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteExW

msi

ord124
ord17
ord49
ord8
ord73
ord74
ord103
ord80

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

AllowApplicationToCommunicationThroughWindowsDefenderFirwall
InstallDriverAction
InstallPluginAction

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 999KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ef8bc3e8878b61fb9f81ce8283e8435

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msi

version

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 999KB - Virtual size: 1008KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 999KB - Virtual size: 1008KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB