24e019c79986ec993918ce405a03e90a

Sharing

Copy URL Twitter E-mail

General

Target

24e019c79986ec993918ce405a03e90a
Size

93KB
MD5

24e019c79986ec993918ce405a03e90a
SHA1

ef3441215e2a7cee8b1c9ac8f415e5c62947c9ae
SHA256

f9b4c7e9ecfa83e0d6b516cb0af85d2ab5bbcb00c7e41f52573a07711d126e75
SHA512

d04b683639ef47ab0643b832f81d057981237ebef85954a7d99b4b768ca04d52365b62ff93a8249e54726a50a6e2812c8844ca24f8aca4f0c38248aaa822675a
SSDEEP

1536:j+UU5Npb8wYUzYgyzsxTcn0rbniqGg10Jgk:CUU5Npb8wYBOrDi610Jg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24e019c79986ec993918ce405a03e90a

Files

24e019c79986ec993918ce405a03e90a
.dll windows:5 windows x86 arch:x86

73183f58bf8c81a46089bd06e0a91744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind
NtSuspendThread
NtOpenThread
RtlGetVersion
NtQuerySystemInformation
NtQueryVirtualMemory
RtlCompareMemory
NtWriteVirtualMemory
NtFlushInstructionCache
RtlGetNtVersionNumbers
NtOpenProcess
RtlTimeToSecondsSince1970
NtGetContextThread
NtSetContextThread
NtResumeThread
NtTerminateProcess
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
NtClose
RtlZeroMemory
NtTerminateThread
RtlDecompressBuffer
RtlComputeCrc32
NtFreeVirtualMemory
NtProtectVirtualMemory
RtlMoveMemory
NtAllocateVirtualMemory
RtlRandom

kernel32

FindClose
FindNextFileW
DeleteFileW
lstrcatW
lstrcmpW
FindFirstFileW
lstrlenW
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
CreatePipe
GetLastError
SetCurrentDirectoryW
GetExitCodeProcess
WaitForSingleObject
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
SetEvent
OpenEventA
WaitForMultipleObjects
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
lstrcmpiA
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetComputerNameExW
WTSGetActiveConsoleSessionId
GetSystemDirectoryW
GetModuleHandleW
DisableThreadLibraryCalls
FormatMessageW
LoadLibraryExW
CreateProcessW
InterlockedCompareExchange
InterlockedExchange
HeapCreate
HeapDestroy
HeapSize
GetStringTypeW
LCMapStringW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetCommandLineA
DecodePointer
LocalFree
LoadLibraryW
GetCommandLineW
lstrcmpiW
OpenEventW
CreateEventW
CreateThread
Sleep
ExitProcess
GetFileSize
VirtualAlloc
VirtualFree
GetVolumeInformationW
lstrlenA
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
lstrcpyA
CreateFileW
GetFileAttributesW
MoveFileExW
SetFilePointer
CloseHandle
WriteFile
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
CreateFileA
GetLocaleInfoW
IsProcessorFeaturePresent

user32

GetForegroundWindow
GetWindowTextW
GetWindowThreadProcessId
DispatchMessageW
GetDesktopWindow
GetDC
GetWindowRect
GetCursorInfo
GetIconInfo
DrawIconEx
ReleaseDC
CharLowerW
GetDlgItem
ExitWindowsEx
PostThreadMessageW
MessageBoxW
SetWindowPos
BringWindowToTop
SetForegroundWindow
SendMessageW
wsprintfA
IsWindow
PostMessageW
wsprintfW
GetDlgItemTextA
KillTimer
GetMessageW
SetTimer
CallWindowProcW
PostQuitMessage
SetWindowLongW
GetThreadDesktop
CreateDesktopW
CloseDesktop
SwitchDesktop
SetThreadDesktop
LoadStringW
GetClassNameW
DestroyWindow
CreateDialogIndirectParamW
SetWindowTextW
GetWindowLongW

shlwapi

StrCmpNIW
StrCmpNIA
StrTrimA
PathFindFileNameW
PathIsRelativeW
PathQuoteSpacesW
StrRChrW
PathAddBackslashA
PathRemoveFileSpecA
StrChrA
StrDupA
StrToIntW
PathBuildRootW
PathGetDriveNumberW
StrChrW
PathFindFileNameA
PathRemoveFileSpecW
PathAddBackslashW
ord12

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

QueryServiceStatusEx
RegisterServiceCtrlHandlerExW
SetServiceStatus
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
CreateProcessAsUserW
DuplicateTokenEx
EqualSid
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSecurityInfo
GetNamedSecurityInfoW
CreateWellKnownSid
SetEntriesInAclW
SetSecurityInfo
SetNamedSecurityInfoW
RegQueryValueExW
CreateServiceW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
LogonUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
GetUserNameW
RegCreateKeyExW
RegCloseKey
ChangeServiceConfig2W

wininet

InternetWriteFile
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestExW
HttpEndRequestW
InternetCloseHandle

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
SHFileOperationW
SHCreateDirectoryExW

psapi

GetModuleFileNameExW

gdi32

SelectObject
BitBlt
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject

cabinet

ord21
ord22
ord23
ord20

oleaut32

SysAllocString
SysFreeString
VariantInit
SysAllocStringLen

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

Exports

Exports

SetSvc

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73183f58bf8c81a46089bd06e0a91744

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

shlwapi

wtsapi32

userenv

advapi32

wininet

shell32

psapi

gdi32

cabinet

oleaut32

ole32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB