ee0d4947ee6b6476cedb794d956540a45707b55eb8db536207cc98581e09b822

Sharing

Copy URL

Twitter E-mail

General

Target

ee0d4947ee6b6476cedb794d956540a45707b55eb8db536207cc98581e09b822
Size

717KB
MD5

393fe059e4788010faa27c53aee547cd
SHA1

241cfd6b0997133ff8d802f76d454dc1feb7ba1d
SHA256

ee0d4947ee6b6476cedb794d956540a45707b55eb8db536207cc98581e09b822
SHA512

c829924ceef48dc01f39d28600d553c81848e664fb07cccd57852a06a826bafc8f468a22249c96301f0d91ed41e86dcd5c20a81bb72ceb78802724b662762848
SSDEEP

12288:ERhYx5B6PEsaKLc1gt57JPxk/Fo8Z1oUdDiywU2bzXrmX:ER2BQaKLc+t57PkNoO2UdWre

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee0d4947ee6b6476cedb794d956540a45707b55eb8db536207cc98581e09b822

Files

ee0d4947ee6b6476cedb794d956540a45707b55eb8db536207cc98581e09b822
.dll windows:6 windows x86 arch:x86

36903a61bf2a0f384db5cba6e2dd8a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionEx
GetEnvironmentVariableA
FindClose
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
GetTempPathA
CloseHandle
DecodePointer
DeleteCriticalSection
SetEnvironmentVariableA
GetLongPathNameA
GetTempFileNameA
GetCurrentProcess
SetErrorMode
GetVolumeInformationA
OpenProcess
GetDiskFreeSpaceA
CompareStringA
LoadLibraryA
GetVersionExA
GetLocalTime
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CreateFileA
CreateDirectoryA
GetLocaleInfoA
GlobalLock
LocalFree
WideCharToMultiByte
GlobalUnlock
GlobalHandle
ExpandEnvironmentStringsA
GetTimeFormatA
OpenFile
GetUserDefaultLCID
GetDateFormatA
GlobalFree
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetCurrentThreadId
GetModuleHandleA
AddVectoredExceptionHandler
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThread
GlobalAlloc
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RaiseException
HeapFree
lstrlenA
HeapAlloc
GetFullPathNameA
FindNextFileA
GetDriveTypeA
FindFirstFileA
GetFileAttributesExA
CompareFileTime
ReadFile
DebugBreak
FormatMessageA
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetFinalPathNameByHandleA
GetLastError
GetProcessHeap
UnhandledExceptionFilter

user32

OpenClipboard
PostQuitMessage
PeekMessageA
MessageBoxA
UnregisterClassA
CharLowerA
CharUpperA
OemToCharA
CharToOemA
CharUpperBuffA
GetAsyncKeyState
MessageBeep
LoadStringA
IsCharAlphaNumericA
IsClipboardFormatAvailable
GetClipboardData
GetKeyboardLayout
CloseClipboard
SendMessageA

advapi32

RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
GetFileSecurityA
AccessCheck
OpenProcessToken
DuplicateToken
MapGenericMask
GetUserNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHCreateItemFromParsingName
SHGetFileInfoA

ole32

CoCreateInstance
CoTaskMemFree

shlwapi

UrlCreateFromPathA

msvcp140

?bad@ios_base@std@@QBE_NXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?fail@ios_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z

vcruntime140

__current_exception
__current_exception_context
memmove
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_terminate
memchr
strrchr
_setjmp3
longjmp
strchr
memcpy
strstr
memset
__CxxFrameHandler3
_purecall
__std_type_info_destroy_list
_seh_longjmp_unwind4

api-ms-win-crt-runtime-l1-1-0

terminate
strerror
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_set_invalid_parameter_handler
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo
exit
system
abort
_invalid_parameter_noinfo_noreturn
_errno

api-ms-win-crt-stdio-l1-1-0

fsetpos
ungetc
_get_stream_buffer_pointers
fopen
__acrt_iob_func
__stdio_common_vfprintf
_wfopen_s
feof
__stdio_common_vsnprintf_s
fgets
fgetpos
fgetc
fclose
fputc
__stdio_common_vsprintf
_pclose
__stdio_common_vsscanf
ferror
clearerr
_fseeki64
fflush
fopen_s
tmpnam
fread
freopen
getc
__stdio_common_vsprintf_s
_ftelli64
tmpfile
_write
fwrite
setvbuf
_popen
_getcwd

api-ms-win-crt-environment-l1-1-0

_putenv
getenv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_difftime64
clock
_localtime64
_mktime64
_ctime64
strftime

api-ms-win-crt-heap-l1-1-0

realloc
free
_recalloc
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
isalnum
strncpy
_strrev
_strnicmp
_memicmp
toupper
strspn
isxdigit
isspace
strcoll
isprint
tolower
strpbrk
strncmp
iscntrl
isgraph
ispunct
islower
isupper
isalpha
isdigit

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-math-l1-1-0

_except1
ldexp
_finite
_libm_sse2_log10_precise
floor
_CIatan2
_CIfmod
_libm_sse2_log_precise
ceil
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
_libm_sse2_tan_precise
_libm_sse2_asin_precise
_libm_sse2_pow_precise
frexp
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_isnan

api-ms-win-crt-convert-l1-1-0

_itoa
strtoul
_ecvt_s
atol
atof
strtol
atoi
wcstombs
mbstowcs
strtod

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_chdir
_chmod
_chdrive
rename
remove
_stat64i32
_lock_file

api-ms-win-crt-utility-l1-1-0

qsort
srand

Exports

Exports

execute
kill
version

Sections

.text
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36903a61bf2a0f384db5cba6e2dd8a8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 588KB - Virtual size: 588KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 588KB - Virtual size: 588KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 25KB - Virtual size: 25KB