4b93f216c5443953f1e2acd853b9d12d

Sharing

Copy URL Twitter E-mail

General

Target

4b93f216c5443953f1e2acd853b9d12d
Size

743KB
MD5

4b93f216c5443953f1e2acd853b9d12d
SHA1

468430161471fb11a34bd0ec7afeb6b74d5d2921
SHA256

92e8e289f37e4cd4dba2146beef86cfa11a51328925ea6c9945e051a0a7f6cf7
SHA512

f62e4ba222d506ad7306039d2b15651a104c95cfb23148c72a60b086e42fe439b49730e54f92d35e0cccef05a50d6cbd1aa36ce071738e4c77a51f10c734ef76
SSDEEP

12288:zyBnjdf2qBydT3/cFDTkzQ596BTqaov3l9aBdS:zMhfnydTEFDTkzQ5dae3l9a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b93f216c5443953f1e2acd853b9d12d

Files

4b93f216c5443953f1e2acd853b9d12d
.dll windows:6 windows x64 arch:x64

e9253f299a78d159c02b2928387ceb89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
CreateProcessW
GetStartupInfoW
GetProcessPriorityBoost
GetSystemTime
GetTickCount
GetComputerNameExW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalFree
WaitForMultipleObjects
FormatMessageW
CreateWaitableTimerW
ReplaceFileA
IsBadStringPtrA
GetCurrentThreadId
SystemTimeToFileTime
EnumCalendarInfoExA
SetEndOfFile
CreateThread
GetExitCodeProcess
GetCurrentProcess
GetProcessTimes
Sleep
CancelWaitableTimer
SetWaitableTimer
CreateEventA
CreateMutexA
WaitForSingleObject
ReleaseMutex
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateNamedPipeW
PeekNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
CreatePipe
GetLastError
CloseHandle
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
WriteFile
ReadFile
GetFileSize
CreateFileW
ExpandEnvironmentStringsA
FileTimeToSystemTime
GetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
HeapAlloc
GetACP
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
GetFileType
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
FreeLibrary

gdi32

GetRegionData
GetRgnBox
CreateEnhMetaFileA
CombineTransform
DeleteObject
CreateRoundRectRgn

comdlg32

FindTextA
FindTextW
CommDlgExtendedError
GetFileTitleA

advapi32

ConvertToAutoInheritPrivateObjectSecurity
AreAllAccessesGranted
DeleteAce
SaferGetPolicyInformation
SaferCloseLevel
SaferIdentifyLevel
SaferRecordEventLogEntry
FreeInheritedFromArray
GetInheritanceSourceW

shell32

SHGetFolderPathAndSubDirW
ord16
ord155
ord18
DragAcceptFiles
ord701

dbghelp

SymEnumerateModules64
SymGetLineFromAddr64
SymGetLineNext64
SymGetSearchPath
SymInitialize
SymGetFileLineOffsets64
SymCleanup

imm32

ImmDestroyContext
ImmGetCandidateListA
ImmGetOpenStatus
ImmSetOpenStatus
ImmEscapeW
ImmCreateContext

urlmon

MkParseDisplayNameEx
IsValidURL
IsAsyncMoniker
CreateURLMoniker
CompatFlagsFromClsid
URLDownloadToCacheFileW
CopyBindInfo
ReleaseBindInfo
CreateFormatEnumerator
CoInternetParseUrl

winmm

mmioAscend
mmioDescend
mmioAdvance
mmioSetBuffer
mmioOpenW
midiInGetDevCapsW
mixerGetControlDetailsA
timeGetSystemTime
mmioClose
joyGetPosEx
joyGetNumDevs
joyGetDevCapsA
midiInGetID

rpcrt4

MesBufferHandleReset
MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
MesEncodeFixedBufferHandleCreate
MesIncrementalHandleReset
MesEncodeIncrementalHandleCreate
MesHandleFree

Sections

.text
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9253f299a78d159c02b2928387ceb89

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

shell32

dbghelp

imm32

urlmon

winmm

rpcrt4

Sections

.text Size: 504KB - Virtual size: 503KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 6KB - Virtual size: 4.2MB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 504KB - Virtual size: 503KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 6KB - Virtual size: 4.2MB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB