290246d6ba218bff6d38ac923ce88acd

Sharing

Copy URL Twitter E-mail

General

Target

290246d6ba218bff6d38ac923ce88acd
Size

34KB
MD5

290246d6ba218bff6d38ac923ce88acd
SHA1

4265c410527cefbebb92b029d52d95752e9e6cc9
SHA256

bdcb56d8cda675bb68619f898f647190a5c421ff1ce1714077866eef0c604756
SHA512

cb6fd737a93dbbbd937122baf2bbacf782618c3f6790664a9dde039544a2729c8d9fce2fd1b963fd68a14497530f0a46ef649c9a72a5eea15b888b820dd13cc0
SSDEEP

768:Qmc1DjnwppbT5z+57oWZ8GoiC85Bhxvqy5/oV1P:jQHwE7oS8er5BhxSj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
290246d6ba218bff6d38ac923ce88acd

Files

290246d6ba218bff6d38ac923ce88acd
.dll windows:5 windows x86 arch:x86

56920c1f98ae4bd2cc1580991a602421

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memset
ZwOpenProcess
ZwClose
ZwQueryInformationToken
memcmp
memcpy
ZwOpenProcessToken
RtlUnwind
NtQueryVirtualMemory

shlwapi

StrChrA
StrStrIW
StrRChrA
StrStrIA

kernel32

CloseHandle
LocalFree
ResumeThread
CreateThread
SetEvent
HeapDestroy
HeapCreate
lstrlenA
HeapAlloc
SetWaitableTimer
HeapFree
LeaveCriticalSection
lstrcatA
FindFirstFileA
lstrcmpiA
RemoveDirectoryA
EnterCriticalSection
LocalAlloc
WaitForMultipleObjects
FindNextFileA
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
DeleteFileA
lstrcpyA
GetModuleHandleA
CreateFileA
lstrcpynA
GlobalLock
WriteFile
lstrlenW
GlobalUnlock
lstrcpyW
LoadLibraryExW
SetLastError
lstrcmpW
HeapReAlloc
WaitForSingleObject
OpenProcess
CreateEventA
Process32First
GetProcAddress
ResetEvent
Process32Next
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTempPathA
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
GetLastError
CreateProcessA
Sleep
GetCurrentProcess
CreateProcessW
VirtualAllocEx
GetModuleFileNameA
WriteProcessMemory
VirtualProtect
SwitchToThread
TerminateThread
InitializeCriticalSection
CreateRemoteThread
GetVersion
GetTickCount

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
AdjustTokenPrivileges
RegDeleteValueA
LookupPrivilegeValueA
RegDeleteKeyA
OpenProcessToken
RegEnumValueA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
CreateProcessAsUserW
CreateProcessAsUserA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

CreateProcessNotify
DllEntryPoint

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56920c1f98ae4bd2cc1580991a602421

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

advapi32

psapi

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB