2ae1f3a35e25161bbc3f2e86b7301c65

Sharing

Copy URL

Twitter E-mail

General

Target

2ae1f3a35e25161bbc3f2e86b7301c65
Size

445KB
MD5

2ae1f3a35e25161bbc3f2e86b7301c65
SHA1

3e5bd8b5344e57a781e57ef133ef7145f1f198c1
SHA256

f7664ddbb96dd75b1e6df5564719a7c544462e5623d80754eedf5af404c3c8af
SHA512

634c40ad25c58978426fd2fe31bdf176128194e416178eaa62914edd0d976912e99233dd7e8c1eb81387b1060242d2c0ddb2013ba11a4b7e11c16ef22e1dfc5c
SSDEEP

12288:7Yh77jDjuFk4LJnqe4qRQhQePCdMgl6kf1TcE+iBqNEf:7Yh77jDjuFkuJnqe4qRQhQePCd9l6kf+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ae1f3a35e25161bbc3f2e86b7301c65

Files

2ae1f3a35e25161bbc3f2e86b7301c65
.dll windows:5 windows x86 arch:x86

7fd61b115ca0e7a0f5728db562bd3e36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
free
_wsplitpath
_vsnwprintf
iswalpha
_initterm
_snwprintf
_mbscpy
_except_handler3
wcsstr
strncpy
_wcsdup
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
iswspace
iswcntrl
wcsncmp
_wcsicmp
wcscmp
_wcsnset
swprintf
wcslen
wcscpy
wcsrchr
wcscat
wcsncpy
wcschr

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

kernel32

GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
GetVersionExW
GetComputerNameW
lstrlenW
FreeLibrary
GetProcAddress
CreateDirectoryW
GetFileAttributesW
ReadFile
HeapCreate
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MoveFileExW
GetFileType
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CopyFileW
GetCurrentThread
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InitializeCriticalSection
DeleteCriticalSection
GetSystemTime
SystemTimeToFileTime
lstrlenA
GetTickCount
LoadLibraryW
DisableThreadLibraryCalls
lstrcpynW
CreateFileW
WriteFile
CloseHandle
MoveFileW
DeleteFileW
GetProfileIntW
GetTempPathW
GetTempFileNameW
SetLastError
MulDiv
FindFirstFileW
FindNextFileW
GetLastError
FindClose
VirtualFree
VirtualAlloc
ReleaseMutex
WaitForMultipleObjects
WaitForSingleObject
MapViewOfFile
SetEnvironmentVariableW
CreateEventW
CreateMutexW
OpenMutexW
LocalFree
ExpandEnvironmentStringsW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
RegCreateKeyExW
RegSetValueExW
RegQueryValueW
OpenProcessToken
OpenThreadToken

winspool.drv

EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter

gdi32

GetDeviceCaps
GetStockObject
EndPage
StartPage
SetMapMode
DeleteObject
GetTextExtentExPointW
GetTextMetricsW
SetBkMode
SelectObject
CreateFontIndirectW
DeleteDC
EndDoc
StartDocW
CreateDCW
TextOutW
GetObjectW

user32

GetWindowContextHelpId
CheckDlgButton
EndDialog
UpdateWindow
InvalidateRect
wsprintfW
GetWindowTextW
CreateWindowExW
DialogBoxParamW
EnableWindow
BeginPaint
MessageBoxW
GetDlgItem
SetWindowTextW
EndPaint
WinHelpW
IsDlgButtonChecked
SendMessageW
LoadStringW
MessageBeep

shell32

ShellExecuteExW

mapi32

ord140
ord17
ord62
ord81
ord185
ord75

comdlg32

ChooseFontW

fxsapi

FaxAccessCheckEx
FaxSendDocumentExW
FaxGetRecipientsLimit
FaxGetSenderInformation
FaxFreeSenderInformation
FaxClose
FaxGetReceiptsOptions
FaxGetPersonalCoverPagesOption
FaxConnectFaxServerW

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fd61b115ca0e7a0f5728db562bd3e36

Headers

File Characteristics

Imports

msvcrt

msvcp60

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

fxsapi

Exports

Exports

Sections

.text Size: 381KB - Virtual size: 381KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 381KB - Virtual size: 381KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB