226a5cdb6357b12e5f873643b668859f

Sharing

Copy URL Twitter E-mail

General

Target

226a5cdb6357b12e5f873643b668859f
Size

1.6MB
MD5

226a5cdb6357b12e5f873643b668859f
SHA1

cbe3863bb32f545f1d1baa6eb0de30955aa1a385
SHA256

b138e6c9154ad93ab6dec8c6b4962bca2098c2f58a1ebb30f9178d53b5a62e1c
SHA512

6196067bccbfeb218425b01afb8ecedd139d82a54ca6ac0336f2db0e7b1e24ba8b508bc85fe99252c25a58644eb7e9faf926e21bb4983b810a4b57ea22d3db65
SSDEEP

24576:M4L1Pge582Jqwz+p3JTM1FGNHf3kIGQ5ZhTd93ya2Fm65hQQi+eZz7O/w97AjC0Z:M4D582SZqqHf3OMLAhQQiDVBEjC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
226a5cdb6357b12e5f873643b668859f

Files

226a5cdb6357b12e5f873643b668859f
.dll windows:6 windows x64 arch:x64

d99f5e98b212ce93af966ad4f49187d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalFree
GetBinaryTypeA
FormatMessageA
FreeLibrary
OpenFileMappingA
LoadLibraryA
MoveFileExA
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
IsDBCSLeadByte
HeapSize
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnmapViewOfFile
MapViewOfFileEx
GetVersionExW
GetTickCount
GetSystemTime
CreateProcessA
GetCurrentThread
CreateThread
GetExitCodeProcess
GetCurrentProcess
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
CreatePipe
SetLastError
GetLastError
DuplicateHandle
CloseHandle
OutputDebugStringA
DebugBreak
SetFileTime
ReadFile
GetFullPathNameA
GetFileSize
GetFileAttributesExA
FindFirstFileA
FindClose
CreateFileW
CreateFileA
GetCurrentDirectoryA
CreateFileMappingA
GetStdHandle
WriteConsoleW
RemoveDirectoryW
CreateDirectoryW
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
RtlUnwind
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCurrentDirectoryW
EnumSystemLocalesW
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetACP
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID

advapi32

OpenProcessToken
AccessCheck
CopySid
DuplicateToken
DuplicateTokenEx
EqualSid
GetLengthSid
GetTokenInformation
MapGenericMask
GetFileSecurityA
CreateProcessAsUserA
ConvertSidToStringSidW
OpenThreadToken

imm32

ImmGetOpenStatus
ImmGetConversionStatus
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmSetCompositionStringW
ImmGetCompositionFontA
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmIsIME
ImmGetProperty
ImmInstallIMEW
ImmInstallIMEA
ImmSetOpenStatus
ImmGetCompositionFontW
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetConversionListA
ImmGetConversionListW
ImmNotifyIME
ImmGetStatusWindowPos
ImmSetStatusWindowPos
ImmRegisterWordA
ImmUnregisterWordA
ImmGetRegisterWordStyleW
ImmSetCompositionStringA
ImmGetImeMenuItemsW

winmm

joySetThreshold
joyGetThreshold
joyGetNumDevs
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetID
mixerClose
mixerOpen
mixerGetNumDevs
midiInGetID
midiInAddBuffer
midiInGetErrorTextW
midiInGetErrorTextA
midiInGetDevCapsA
midiOutGetDevCapsA
midiOutGetNumDevs
mmioGetInfo
waveInGetErrorTextA
waveInGetNumDevs
mmioSetBuffer
mmioSetInfo
mmioWrite
mmioRead
mmioClose
mmioRenameA
mmioOpenA
mmioInstallIOProcW
mmioStringToFOURCCW
mciGetErrorStringW
mciGetDeviceIDW
mciSendCommandW
waveInGetID

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d99f5e98b212ce93af966ad4f49187d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 10KB - Virtual size: 50KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 10KB - Virtual size: 50KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB