37fd0e1725bb9d2ce982b7eda2cae860

Sharing

Copy URL Twitter E-mail

General

Target

37fd0e1725bb9d2ce982b7eda2cae860
Size

5.3MB
MD5

37fd0e1725bb9d2ce982b7eda2cae860
SHA1

6a4335f12fd469c93d23db15d23c5da9f59d3ca2
SHA256

387c0af29350ed9bdf26fce9388773dbff25eaa28f52d782893ebccc7f27c33c
SHA512

6ce196810a4ee9a0b65c1ae53299dbe3625b1a753fb7de11554fe1ce25a604fc6dab29194c3d6b28f06d22b5cd5110bb5a8464b1614ada4e02af18c1afa25bb7
SSDEEP

98304:0FQg4Kbn1KWCC5+RQVH3I+joXgN4HRUoggeLMnPfKuAaCd59uF6R8XPILN:0/4KDbCC53XVjoXZHiqeLWPfKuAaORi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37fd0e1725bb9d2ce982b7eda2cae860

Files

37fd0e1725bb9d2ce982b7eda2cae860
.dll windows:6 windows x86 arch:x86

bbae355c0675c2a1d48ef3e13f15d7e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

vcruntime140

__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-convert-l1-1-0

_ui64toa_s

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

��Q�}�+��nG��F$�@�L��׻�}�γ[U�� j9��j��BD��йL�UL��~��8�i�_Vx^p��'�g��i8�d�Ň��&3��9��a��T�,�&ʀ�~rM��W>�(�.�T>8 -��' ��=��dx" ��$ܜ-ɥ��[}�_t*�Ȍ%�5��kIx@W��{��l+��S�)��[��([�� ?��$�@j��T:�Z��z.z��g��9��E�]d�c�㴇\ץ?U�� 0�^��8:؛��x/��i��6�( �C�y�:H)|8k:v�$ ��ڰ�7Z��QN,�ƱTM\�?)·wcÐ��C��i��gN�y5��R(�"��Ԇs�-0��إ>��i��䘮��T`�>��⡄�ٞ��K��샨��{�NŇ��唲��|��6�C՝`8@sA�5��*��S�O�1��,��K�9�J��V-�8�i��+Vq��?�� N�zQ��p1�ɀ��hF��w ��=n,i�279��4�y�Y��Z�z��id��m��9�?�:��=�^ܱ�,ge7��`�� zx(e�l��m3b&��/V[�w�4~��X�!�v��SY��tt��UK�o�� Bv��a��+s��L_��- \�&��MdXj��!��T��w��j�Z1��"|6�b�A� 6�+ �ِ�~5셹!�%E��W0[�� |��PJ��Ktֿ#m��D&,�f�E@ ��^��(W��ȕi٪U�`��e��_��=Ω m�� 8��M[D��1�N��| �֨��]�1��m��N�|��fPi�G��˗Y��`�l� �kF�&n��THa��Ľ"Y�|�7�t�� z��Qh:f�蓁� ~!��Jy��3�\�\�<��5`�eJ�D5�q�a��fP~J�[�=B��ׯ��i��m�Fı��?R��F��NN�� c��R��̽Vb�$ޛ䃕);Ɣ׃��I:�E&�.B�}�xm�`VBx5�ur��h�9�o|E�˦}@�6)�,(5�U��^�$#�G�U��8��@�E}��%��"`(��o�`, -Hs��&��V�{�a��A��^� �D]��~�2{=Maב�� '��K��3P��>�H*��Awh��킈\�!:ԝ��g"�xH#�y�<2�͝2�[��.��v��l�c�UKO�C�\h�aXl}�(z�>��Vp�4)�'�ܛ�`��H��)D�o��q��O��)bz��N�sw(��=��#P�{��#k��B�h�_Ϊ�jpӁo�O�_�k GA #5��W mō� |��x�[��o&��;�ř1��n��e%� �� 3K��^9�I��8��i']28�P�\�7r�X*F�E��C㸬�ПB�ޗ�k4��Q�=#o/��0G��*!m��7J��ZF��t*�,];��W2*�=�@>��d k�5H�뀬d_V��vm�E��2��W_>H>S��W�=��T��L��I�FFkyWb>�Qe+ʑ�R�98��(V��H�y$B��X��[I�� B��E��X�y*)Yjm�M�X�� K��7�LB�`e6viG�W̸�Y��*[kY[ҘGbQ4�[+�K�ei>�$O�̑�[��Y()�Q��U��B;;��*�%��;��0�.2ANr��o�'�Y[B��u��ۿ��Z�C��f�a��ҹm8i+� w�n� �5��CL5�-<^��(�`=8��̐��n�)��B��mp��i-��͛f�Wv�7�ƱQ4W\��a�mwg T{��P��8��@5v�e��}��#�zu�� U��#<5C�tp�9�zDmf+�U��7 �P��<&QB�Qݪ:+R�+�W�-�p�NyD�| �l��)�Ԃ�5y�Vq�r��p��Yw��2�M�SEK��R%A_�TF0�o�˃�)��2Pi%shm�4��l��7�VU��H�N�𺽂/L�n>�9Zk!�+�+��̚��g#�˿ l�E��P��"��۽A�r�pz�i��*U�\x��=ހ��BB��#�,��1|��W��e(��%y�O��~(r�2��%t�Ej��Ǝ{9+nI��S��%�i�3��P�k^h�ɊI"82��ج�^��A�e�U�z��1"� ��l�eeb_��|р/��z�\�5�D�)G]�Fl�0ç^��l��9�G��̀`C��"�Ӟ��+k��KlF��kz($��зj��AE�`@K+��!��p�M��V� �Ê�ie��g�_;��/{1�{7{ҏ7r�n� 5 5�)긮�)��h�-�̕�j��!�2� y#�*)4�s�z��Ҵ��q?Ƥ-k�"S��!Dd�ً4�2��c��A@��*��H*�!�4�%ެ��KF�$��"��qL��?H�7��070|�^S��Y(��;��~M�%gpd,�&C&[��zYZ) �Pw9��N�x۸��$y�2;:��1K�X�yl�q�f�R!=�R�(q�; ��=��wJ�Y��4%�ZnPx�/��D�w�aDRt�%I(v)YU�$Y�&��MϦ�,��sn�i��?S;%��f�x�*+�I�J��{�~��h��Yl�K� �SJ��1!�2��x�t��S��\�lo�P$?�.W�)P��;1an�㐞��ؠ�f}�HT�X>� ��~u��)�=0�"��];��qBy��hEo^bGd��3l� RKb�E�^�t��.�#P�i\�b��aNx�g�R�ו�40��W8��H�LΔ��ڹ/_y�a-�w0��R�/�*Jz#ei

Sections

.text
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xs0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xs1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbae355c0675c2a1d48ef3e13f15d7e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 51KB

.rdata Size: - Virtual size: 14KB

.data Size: - Virtual size: 1KB

.xs0 Size: - Virtual size: 3.2MB

.xs1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 51KB

.rdata
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 1KB

.xs0
Size: - Virtual size: 3.2MB

.xs1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B