47b3627c3900e29bdef6d36cfdf61bbf

Sharing

Copy URL Twitter E-mail

General

Target

47b3627c3900e29bdef6d36cfdf61bbf
Size

547KB
MD5

47b3627c3900e29bdef6d36cfdf61bbf
SHA1

9f4ece12b5f9cd1c9ba64fd2d619574e393ed369
SHA256

ee0f0728298d82d776d8aea6acb74b05b0fc0662b547b2808a21b96102d491f4
SHA512

a486c08f04a90cb531aafb7deaea22b60b7361f47f3720a4b183d20a0fdadc6fdc0a08be96d0f716fcaf39594440b7a07a5f78c07ffab60045ecb7007547299a
SSDEEP

12288:KtATrDixw91Wv7yS0fFdLMCcwaN4xfH4gTc:b3RBFd8waKYgTc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47b3627c3900e29bdef6d36cfdf61bbf

Files

47b3627c3900e29bdef6d36cfdf61bbf
.dll windows:5 windows x64 arch:x64

789ce009b80d73f5495a4d00a0060052

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
SizeofResource
FindResourceExW
GetSystemDirectoryW
CloseHandle
CreateFileW
SetFileAttributesW
CreateThread
WaitForSingleObject
GetModuleFileNameW
GetFileSize
ReadFile
GetCurrentThreadId
WriteFile
GetSystemInfo
GetVersionExW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
GetFileTime
SetFileTime
IsBadReadPtr
GetVersion
OpenProcess
TerminateThread
OutputDebugStringW
GetModuleHandleA
LoadLibraryA
VirtualFree
GetWindowsDirectoryW
CreateDirectoryW
GetPrivateProfileStringW
GetComputerNameExW
DisableThreadLibraryCalls
LoadResource
GlobalAlloc
LocalFree
WideCharToMultiByte
MultiByteToWideChar
LocalAlloc
LoadLibraryW
FlushInstructionCache
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
HeapAlloc
RaiseException
GetNativeSystemInfo
HeapReAlloc
GetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcessorNumber
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
SetThreadExecutionState
GlobalFree
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateEventW
SetEvent
CreateTimerQueue
LoadLibraryExW
FreeLibrary
GetTickCount
SetLastError
TerminateProcess
InterlockedFlushSList
VirtualQuery
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualAlloc
GetCurrentProcess
EnterCriticalSection
HeapFree
VirtualProtect
OpenThread
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapCreate
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent

user32

wsprintfA
wsprintfW
GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
GetUserNameW
RegOpenCurrentUser
RegOverridePredefKey
SystemFunction036
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW

ole32

CoCreateGuid

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW
InternetWriteFile
HttpEndRequestW
HttpSendRequestExW
InternetConnectW
InternetQueryDataAvailable
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersW
InternetOpenW

shlwapi

PathRemoveFileSpecW

iphlpapi

GetNetworkParams

ws2_32

inet_addr
gethostbyname
recvfrom
sendto
WSAIoctl
select
accept
recv
send
connect
listen
bind
socket
GetAddrInfoW
FreeAddrInfoW
WSAStartup
setsockopt
closesocket
shutdown
htons
__WSAFDIsSet
ioctlsocket
WSAGetLastError
getsockopt

crypt32

CertCloseStore
CertFreeCertificateContext
CryptBinaryToStringA
CertOpenSystemStoreW
CertFindChainInStore
CryptStringToBinaryA
CryptDecodeObjectEx

netapi32

NetWkstaGetInfo
NetApiBufferFree

ntdll

RtlImageNtHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpQueryOption
WinHttpSetOption
WinHttpCloseHandle

dnsapi

DnsFree
DnsQuery_W

msvcrt

__CxxFrameHandler
___lc_codepage_func
_lock
_unlock
_iob
__dllonexit
fgets
_controlfp
_XcptFilter
strchr
ceil
_clearfp
log10
__pctype_func
_statusfp
?terminate@@YAXXZ
_msize
_time64
malloc
free
abort
??3@YAXPEAX@Z
memchr
localeconv
realloc
memmove
memcmp
strncmp
strrchr
_beginthreadex
___lc_handle_func
fputc
memcpy
setlocale
_CxxThrowException
??0exception@@QEAA@XZ
memset
_initterm
atexit
__getmainargs
_amsg_exit
_cexit
calloc
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
toupper
_wtoi
wcstoul
tolower
strtol
??_U@YAPEAX_K@Z
_wcsicmp
wcsstr
??_V@YAXPEAX@Z
_errno
__C_specific_handler
fclose
??2@YAPEAX_K@Z
fopen
__uncaught_exception
exp
sqrt
__RTDynamicCast
__DestructExceptionObject

msvcp60

_Tolower
_Getctype
_Toupper

Exports

Exports

CoreStage
DispatchEx

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

789ce009b80d73f5495a4d00a0060052

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

shlwapi

iphlpapi

ws2_32

crypt32

netapi32

ntdll

winhttp

dnsapi

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 13KB - Virtual size: 23KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 13KB - Virtual size: 23KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB