2b2ddd7547c73b3f0233dde9a07644e0

Sharing

Copy URL Twitter E-mail

General

Target

2b2ddd7547c73b3f0233dde9a07644e0
Size

639KB
MD5

2b2ddd7547c73b3f0233dde9a07644e0
SHA1

308e9daed3c75337d7ab9791cb58a4d6f73fcd9a
SHA256

1bc71a05199be14eebc863ad53a6467bd1e683003c6a9b909ced898c45f2eb2c
SHA512

d6c216c31dc65713be0bc682c764dc3836500ad3f33523cb850791f0130f9795aba20def70055420f45c7b73dec122f774d1fb9a5e705eb0dd14d90c46065e3a
SSDEEP

12288:y9VqTFsSy+V80xw+RZ5pgVatVVqe2VSJKm:y9MF1yU3w+bmewe2VSJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b2ddd7547c73b3f0233dde9a07644e0

Files

2b2ddd7547c73b3f0233dde9a07644e0
.dll windows:6 windows x64 arch:x64

9afec29c9d343185a291606489615bd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
CreateThread
GetTickCount
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
SetEndOfFile
HeapSize
WriteConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetFileAttributesExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
GetStringTypeW
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapAlloc
HeapFree
HeapReAlloc

shell32

SHPathPrepareForWriteA
SHGetSettings
ord701
ord75
ord47
SHGetInstanceExplorer
ord645
ord644
ord4
ord2
SHChangeNotify
SHGetFolderPathAndSubDirW
SHGetFolderPathAndSubDirA
ord232
SHGetFolderPathW
ord154
ord17
ord16
SHPathPrepareForWriteW
ord18
ord245
SHSetUnreadMailCountW
SHGetUnreadMailCountW
SHIsFileAvailableOffline
SHLoadNonloadedIconOverlayIdentifiers
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceExA
Shell_NotifyIconW
Shell_NotifyIconA
DoEnvironmentSubstW
DoEnvironmentSubstA
SHAppBarMessage
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
DragQueryFileA
ord155

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9afec29c9d343185a291606489615bd3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 519KB - Virtual size: 519KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 11KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 519KB - Virtual size: 519KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 11KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB