36c8f0d2021c37678223cf7934aa35ce

Sharing

Copy URL Twitter E-mail

General

Target

36c8f0d2021c37678223cf7934aa35ce
Size

297KB
MD5

36c8f0d2021c37678223cf7934aa35ce
SHA1

9a79201cee0ded0a101efb70d4c36a1ae19745ef
SHA256

e3d7091351872ae042620f0284f487f22ab3494706e53628d459719db6b062fb
SHA512

6e2e0a2fbcd82c951fa243e466274e5c59de7bfecc328bcdb72ea7ce3c3bda8fe77a259828e970ac4a81b60e01bfd0a05c0dfe5369b7ce1bf76430e38510559c
SSDEEP

6144:ethVhdmTeh1hZV7neaXY5YgODjHHUpr363vtpKOiS8h2:elfmiPlzZdljH0prq/tWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36c8f0d2021c37678223cf7934aa35ce

Files

36c8f0d2021c37678223cf7934aa35ce
.dll windows:6 windows x64 arch:x64

d36e4b8f30bbf2a08d9223888373c067

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AddConsoleAliasW
PeekConsoleInputA
FlushConsoleInputBuffer
ReadConsoleOutputW
WriteConsoleInputA
GetCurrencyFormatW
GetCurrencyFormatA
SetInformationJobObject
CreateJobObjectW
FileTimeToSystemTime
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
MoveFileWithProgressA
GetSystemWow64DirectoryW
GetTempPathA
CreateFileMappingA
PurgeComm
SetThreadIdealProcessor
LocalFree
LocalUnlock
LocalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
CreateFileMappingW
GetTickCount
GetProcessPriorityBoost
CreateProcessW
CreateThread
GetCurrentProcess
Sleep
CreateEventA
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
DuplicateHandle
CloseHandle
ReadFile
LocalFileTimeToFileTime
GetFileTime
GetFileSize
FindFirstFileExA
FindClose
DeleteFileA
CreateFileW
GetStdHandle
RtlCaptureStackBackTrace
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InitializeSListHead
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

gdi32

DeleteColorSpace
CreateColorSpaceA
GdiGetBatchLimit
CreateHalftonePalette
CombineTransform
SetEnhMetaFileBits
GetEnhMetaFileBits
GetEnhMetaFileW
DeleteEnhMetaFile
CreateEnhMetaFileA
SetMetaFileBitsEx
Arc
CreateBitmap
CreateDCA
CreateDCW
CreateDIBPatternBrushPt
CreateEllipticRgn
CreateRectRgn
CreateRoundRectRgn
DeleteDC
DeleteMetaFile
DeleteObject
GetMetaFileBitsEx
GetNearestPaletteIndex
GetRegionData
GetRgnBox
AddFontMemResourceEx
RemoveFontMemResourceEx
OffsetRgn

advapi32

UnlockServiceDatabase
CredFree
CredGetTargetInfoA
CredRenameA
CredDeleteA
CredReadDomainCredentialsW
CredEnumerateW
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
OpenTraceA
CloseTrace
QueryTraceW
StopTraceW
StartTraceW
LsaLookupSids
LsaOpenPolicy
LsaClose
LsaFreeMemory
CreateRestrictedToken
StartServiceCtrlDispatcherW
OpenSCManagerA
LockServiceDatabase
CloseServiceHandle
CreateProcessAsUserA
LogonUserA
GetFileSecurityA
SetFileSecurityA
GetEventLogInformation
RegisterEventSourceW
DeregisterEventSource
IsTextUnicode
SetSecurityDescriptorGroup
ObjectOpenAuditAlarmW
ObjectCloseAuditAlarmW
GetSidSubAuthorityCount
GetSecurityDescriptorGroup
GetPrivateObjectSecurity

shlwapi

UrlCanonicalizeA
UrlHashW
ord2
SHRegCreateUSKeyW
SHRegOpenUSKeyW
UrlCompareA
SHRegDeleteUSValueW
SHRegQueryInfoUSKeyW
SHRegCloseUSKey
AssocGetPerceivedType
SHOpenRegStream2W
ord15
PathSetDlgItemPathW
PathRenameExtensionA
SHRegWriteUSValueW
PathParseIconLocationA
StrChrA
StrFormatByteSizeA
StrFormatKBSizeA
wnsprintfW
ord487
ord151
IntlStrEqWorkerW
PathBuildRootA
PathFileExistsA
PathIsRootA
PathIsNetworkPathA
PathIsUNCServerW
StrToIntW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
memcmp
memcpy
memmove
__std_type_info_destroy_list
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
perror
abort
exit
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm

api-ms-win-crt-string-l1-1-0

isxdigit
strncpy
strncmp
strncat
_wcsnicmp
wcsncpy
wcsncat
isspace

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-convert-l1-1-0

_itow
strtol
_itoa
strtoul
_ultow
_ltoa

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

tmpfile
setbuf
rewind
_open
__stdio_common_vfprintf
__stdio_common_vsprintf
__acrt_iob_func
fwrite
ftell
fclose
fopen
fseek
fread
fputs

api-ms-win-crt-math-l1-1-0

_fdopen
atan2
sqrt

api-ms-win-crt-filesystem-l1-1-0

_unlink

Exports

Exports

libcdata_tree_node_get_number_of_sub_nodes
reset_Omer

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d36e4b8f30bbf2a08d9223888373c067

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

shlwapi

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 250KB - Virtual size: 250KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 116B

.text
Size: 250KB - Virtual size: 250KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 116B