41515e651e597ee432eb5e0b19509d24

Sharing

Copy URL

Twitter E-mail

General

Target

41515e651e597ee432eb5e0b19509d24
Size

532KB
MD5

41515e651e597ee432eb5e0b19509d24
SHA1

c40874cc7c43a29cf2e23aae0de4b15a1230bcdc
SHA256

5e634801f2020d1786e158389ffd6b4e5fc2c929752a4b785feebcb42ff926f4
SHA512

a1d6f92d2643192413bb6f06a02223c6eb1b14d52fd10b77fd99d621f606c77161b3b497ae102bb6ef27601f68c719354b946681e0388986bd7254510b82ad57
SSDEEP

6144:XBPMWkSbdHbgw4psWDFaxJPFHL5RyeOIWh+msv:xPHVbgvp6Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41515e651e597ee432eb5e0b19509d24

Files

41515e651e597ee432eb5e0b19509d24
.dll windows:5 windows x64 arch:x64

7f870d08de4cd3cbf4946877370dc5ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetVolumeInformationA
CreateFileW
GetProcAddress
GetModuleHandleA
VirtualProtect
CloseHandle
HeapAlloc
GetCurrentProcess
HeapFree
GetTimeFormatA
GetProcessHeap
GetDateFormatA
GetConsoleMode
Sleep
CreateProcessA
TerminateProcess
GetStdHandle
FindFirstFileA
GetLastError
GetLocalTime
LocalAlloc
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
LocalFree
GetFileSize
WaitForSingleObject
SetEvent
GetTickCount
ExpandEnvironmentStringsA
WideCharToMultiByte
CreateEventA
FileTimeToSystemTime
CreateDirectoryA
FindClose
ResetEvent
LoadLibraryA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
FileTimeToLocalFileTime
lstrlenA
GetFileAttributesA
SetLastError
HeapReAlloc
MoveFileExW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
ExpandEnvironmentStringsW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
DuplicateHandle
GetFileAttributesExW
SetEnvironmentVariableA
SetEndOfFile
GetExitCodeProcess
WriteConsoleW
OutputDebugStringW
SetStdHandle
GetStringTypeW
LCMapStringW
CompareStringW
SetFilePointerEx
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
EncodePointer
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
GetSystemTimeAsFileTime
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
ReadFile
ReadConsoleW
WriteFile
GetFileType
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize

oleaut32

SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
VariantClear
SysAllocString
SysFreeString

ws2_32

send
inet_ntoa
select
shutdown
setsockopt
recv
bind
listen
accept
gethostname
connect
WSAStartup
inet_addr
WSAGetLastError
htons
sendto
WSACleanup
socket
WSACancelBlockingCall
closesocket
gethostbyname

netapi32

NetQueryDisplayInformation
NetUserGetInfo
NetApiBufferFree
NetGroupGetUsers
NetLocalGroupEnum
DsRoleFreeMemory
NetGetDCName
DsRoleGetPrimaryDomainInformation
NetLocalGroupGetMembers
NetUserModalsGet

wevtapi

EvtOpenPublisherMetadata
EvtFormatMessage
EvtRender
EvtCreateBookmark
EvtNext
EvtClose
EvtUpdateBookmark
EvtCreateRenderContext
EvtSubscribe

shlwapi

SHSetValueA
PathQuoteSpacesW
PathAppendW
PathFindFileNameW

Exports

Exports

InstWinSnare
ServiceMain

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f870d08de4cd3cbf4946877370dc5ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

oleaut32

ws2_32

netapi32

wevtapi

shlwapi

Exports

Exports

Sections

.text Size: 334KB - Virtual size: 333KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 13KB - Virtual size: 55KB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 334KB - Virtual size: 333KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 13KB - Virtual size: 55KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB