25f94ff087a7f6feedf2d24dd99b149d

Sharing

Copy URL Twitter E-mail

General

Target

25f94ff087a7f6feedf2d24dd99b149d
Size

284KB
MD5

25f94ff087a7f6feedf2d24dd99b149d
SHA1

49bcf2d64b7eba9f0ebb700de2eb8fd8f1d37b6c
SHA256

0126855e2683ca2e9cabd23fcb39ceb5cc435a3f86f18b770375afb93e505eb9
SHA512

5e382e15452a7bd45f0fa05b28f4750e707d778249a877ffa8eb8b0fc59483e62af57e77a6c0068ebc0d00e6e65673ab263dcc8b8d9302cf616e0198c550d1f6
SSDEEP

6144:8fgMTSV3chL1l20Hta4jEy5stXcLOakz3lnAj728Ry80+DCE/Anmxcg:8fSRchL1E0EQEWstXAOakzlnA3y8fDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25f94ff087a7f6feedf2d24dd99b149d

Files

25f94ff087a7f6feedf2d24dd99b149d
.dll windows:4 windows x64 arch:x64

22fd56982b2e42fe8adf3de3e969056a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

RtlEqualUnicodeString
memcmp
_strupr
ZwQueryInformationProcess
ZwQueryKey
NtGetContextThread
NtSuspendProcess
NtSetContextThread
RtlNtStatusToDosError
NtResumeProcess
NtSetInformationProcess
_wcsnicmp
ZwClose
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtQueryInformationProcess
NtQueryDirectoryFile
memmove
NtQueryObject
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationFile
ZwOpenProcess
ZwQueryInformationToken
ZwOpenProcessToken
_strnicmp
LdrFindEntryForAddress
strcpy
memset
memcpy
__chkstk
__C_specific_handler

kernel32

WriteProcessMemory
SystemTimeToFileTime
RaiseException
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetSystemInfo
LocalAlloc
HeapReAlloc
SwitchToThread
RemoveVectoredExceptionHandler
CreateEventA
HeapAlloc
HeapDestroy
HeapCreate
AddVectoredExceptionHandler
HeapFree
SetEvent
GetCurrentThreadId
GetVersion
GetLastError
SetLastError
WideCharToMultiByte
lstrlenA
lstrcmpiW
lstrcatW
lstrcatA
MultiByteToWideChar
lstrlenW
LocalFree
lstrcpyW
lstrcpyA
DeleteCriticalSection
WaitForSingleObject
CloseHandle
CreateThread
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
LeaveCriticalSection
CreateMutexA
GetCurrentProcessId
GetComputerNameW
lstrcpynA
lstrcpynW
lstrcmpiA
SetEnvironmentVariableW
SetUnhandledExceptionFilter
GetProcAddress
OpenProcess
Sleep
WaitForMultipleObjects
SetErrorMode
TerminateProcess
LoadLibraryA
ReleaseMutex
CreateDirectoryW
IsBadReadPtr
GlobalDeleteAtom
GlobalAddAtomA
IsBadStringPtrA
VirtualProtect
lstrcmpA
VirtualQuery
GetCurrentProcess
FreeLibrary
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetVersionExW
CreateFileA
GetFileSize
ReadFile
CreateFileW
SetFilePointer
SetEndOfFile
GetTempPathW
GetLongPathNameW
WriteFile
ReadProcessMemory
GetModuleFileNameA
SetWaitableTimer
VirtualAlloc
VirtualAllocEx
VirtualFree
GetThreadContext
SuspendThread
ResumeThread
VirtualProtectEx
FindClose
FindNextFileW
FindFirstFileW
lstrcmpW
GetFileAttributesExW
CopyFileW
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
OpenEventA
GetSystemWindowsDirectoryA
RemoveDirectoryW
DuplicateHandle
SetFilePointerEx
DeleteFileW
GetFileInformationByHandleEx
SetFileInformationByHandle
GetProcessId
MulDiv
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
VerLanguageNameW
GetLocaleInfoW
CancelWaitableTimer
CreateWaitableTimerA
WaitForSingleObjectEx
ResetEvent
OpenThread
GetSystemTime

mswsock

AcceptEx
GetAcceptExSockaddrs

Exports

Exports

PluginRegisterCallbacks
VncStartServer
VncStopServer

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22fd56982b2e42fe8adf3de3e969056a

Headers

File Characteristics

Imports

ntdll

kernel32

mswsock

Exports

Exports

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 26KB - Virtual size: 30KB

.pdata Size: 7KB - Virtual size: 6KB

.bss Size: 18KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 26KB - Virtual size: 30KB

.pdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 18KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB