229a6b6f4dc81ee231aef96182f62c73

Sharing

Copy URL Twitter E-mail

General

Target

229a6b6f4dc81ee231aef96182f62c73
Size

7.8MB
MD5

229a6b6f4dc81ee231aef96182f62c73
SHA1

d743771efaf54cfc35436bffa8ea7c7da50b57b6
SHA256

851432eae6f418af3c27709756b63bb77f06af275d10669dd80864ca480348bb
SHA512

5f47661279caf37cf60da388658dd536e1002c9bab8f3ea3b18c4358bb078d1638618b52297f709cdb0247207c5210cab93a8b17c698595dfa9832d6fef66181
SSDEEP

196608:dis3jEjajms07BXqvugfE7XUs9IvPJeq2Ye:d33jEujms07BqGgM7XlIHJ/2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
229a6b6f4dc81ee231aef96182f62c73

Files

229a6b6f4dc81ee231aef96182f62c73
.dll windows:6 windows x86 arch:x86

a56f813c00b6cd5398b0b5ca20d27a8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
TlsAlloc
GetCurrentProcessId
QueueUserAPC
PostQueuedCompletionStatus
ReadFile
GetFileSize
HeapAlloc
GetWindowsDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceW
GetEnvironmentVariableA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
OutputDebugStringA
InitializeProcThreadAttributeList
GetProcessHeap
UpdateProcThreadAttribute
SetEnvironmentVariableA
TerminateProcess
OpenEventA
DisableThreadLibraryCalls
TlsFree
GetFullPathNameA
GlobalMemoryStatusEx
GetQueuedCompletionStatus
CreateIoCompletionPort
VirtualProtect
HeapFree
InitializeCriticalSectionAndSpinCount
SleepEx
SetWaitableTimer
SetLastError
CreateWaitableTimerW
TlsGetValue
TlsSetValue
HeapCreate
Thread32Next
Thread32First
SuspendThread
ResumeThread
HeapReAlloc
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
CreateThread
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ExitProcess
DeleteFileW
MoveFileExW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
VirtualFree
SetConsoleCtrlHandler
ExitThread
CreateFileW
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
FlushFileBuffers
FindResourceA
GetModuleHandleExA
LockResource
LoadResource
SizeofResource
WriteFile
CreateFileA
LoadLibraryA
lstrcmpiW
DecodePointer
InitializeCriticalSectionEx
RaiseException
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
IsValidCodePage
VirtualAlloc
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
HeapSize
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MoveFileExA
VerifyVersionInfoA
GetSystemDirectoryA
SystemTimeToFileTime
GetSystemTime
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
FindFirstFileW
ConvertFiberToThread
ConvertThreadToFiber
SwitchToFiber
DeleteFiber
CreateFiber
GetVersion
GetFileType
GetEnvironmentVariableW
GetStdHandle
InterlockedCompareExchange
InterlockedExchangeAdd
GetModuleHandleExW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
LocalFree
LocalAlloc
GetCurrentThreadId
GetModuleHandleA
DeleteCriticalSection
Sleep
TerminateThread
WaitForMultipleObjects
SetEvent
WaitForSingleObject
ResetEvent
CreateEventW
GetLastError
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
FreeLibrary
GetProcAddress
OutputDebugStringW
LoadLibraryW
FindFirstFileExW
FindClose
WriteConsoleW
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
EncodePointer
TryEnterCriticalSection
FormatMessageW
GetFileAttributesA
GlobalUnlock
GlobalLock
GetDriveTypeW
GlobalAlloc

user32

LoadCursorW
RegisterClassExW
LoadStringA
PostQuitMessage
FindWindowW
DefWindowProcW
TranslateAcceleratorW
GetWindowThreadProcessId
SetTimer
CloseClipboard
UpdateWindow
EndPaint
BeginPaint
OpenClipboard
SetClipboardData
EmptyClipboard
CreateWindowExW
TranslateMessage
DispatchMessageW
GetMessageW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
ShowWindow

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegSetValueExA
GetLengthSid
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
RegQueryValueExA
SetTokenInformation
CreateProcessAsUserW
OpenServiceA
StartServiceW
RegFlushKey
OpenSCManagerW
CreateServiceA
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize

oleaut32

BSTR_UserFree
BSTR_UserSize
BSTR_UserUnmarshal
BSTR_UserMarshal
SysAllocString
SysStringLen
VariantClear

iphlpapi

GetAdaptersInfo

ws2_32

closesocket
getnameinfo
recv
send
socket
gethostname
WSAStartup
setsockopt
bind
listen
WSARecv
WSASend
WSAGetLastError
select
WSAAddressToStringW
ntohs
__WSAFDIsSet
WSASetLastError
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
htonl
WSAIoctl
inet_pton
accept
connect
getsockopt
getpeername
getsockname
WSACleanup
htons
WSASocketW
shutdown

crypt32

CertFreeCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameA

shlwapi

PathStripPathA
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsA

bcrypt

BCryptDestroyKey
BCryptSetProperty
BCryptDecrypt
BCryptEncrypt
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

rpcrt4

RpcServerUseProtseqEpA
RpcServerListen
NdrServerCall2
RpcServerRegisterIf

mswsock

GetAcceptExSockaddrs
AcceptEx

fltlib

FilterGetMessage
FilterReplyMessage
FilterConnectCommunicationPort
FilterSendMessage

Exports

Exports

CB_Init
Start

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a56f813c00b6cd5398b0b5ca20d27a8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

crypt32

psapi

shlwapi

bcrypt

rpcrt4

mswsock

fltlib

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 613KB - Virtual size: 613KB

.data Size: 58KB - Virtual size: 77KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 108KB - Virtual size: 107KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 613KB - Virtual size: 613KB

.data
Size: 58KB - Virtual size: 77KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 108KB - Virtual size: 107KB