4e80b13bd74febb7eb7694a8fd89685f

Sharing

Copy URL Twitter E-mail

General

Target

4e80b13bd74febb7eb7694a8fd89685f
Size

4.2MB
MD5

4e80b13bd74febb7eb7694a8fd89685f
SHA1

874d4a7f3c73dd5d4ecba632a57421be07875cbe
SHA256

a1d57b5549c29de577ae9bd7203af654353e1291ab9c38ed9b1330e0ccb88252
SHA512

99cb3fc3c8d3c932a112609feaf5eedf6e4b477483c8148c8009f0005bf643508814f9cb53007e8d11ac665081080a72f8ca96c99ff690863056ae1c13679a6f
SSDEEP

98304:rJgfEwcXUs9IvPJ6vNYWld6fswviHkqO5ss0vJ2vA1:VgfE7XUs9IvPJeJ2Y1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e80b13bd74febb7eb7694a8fd89685f

Files

4e80b13bd74febb7eb7694a8fd89685f
.dll windows:6 windows x86 arch:x86

3f72a4b3e412528ab90b6fc51cfd23a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
inet_pton
send
recvfrom
recv
sendto
WSAIoctl
select
__WSAFDIsSet
WSARecv
listen
accept
connect
WSASocketW
shutdown
setsockopt
ioctlsocket
getsockopt
getpeername
WSASend
WSASetLastError
WSAAddressToStringW
WSAGetLastError
ntohl
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
socket
ntohs
htons
htonl
getsockname
closesocket
bind

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetTempPathA
Sleep
VirtualQuery
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FileTimeToSystemTime
GetWindowsDirectoryA
GetVersionExA
GetModuleHandleA
GetTimeZoneInformation
CreateFileW
GetFileSize
SetFilePointer
SetLastError
CreateProcessA
ProcessIdToSessionId
LoadLibraryA
lstrcmpiW
lstrcpyA
lstrcatA
GetLogicalDriveStringsA
QueryDosDeviceA
WTSGetActiveConsoleSessionId
MultiByteToWideChar
WideCharToMultiByte
Process32FirstW
Process32NextW
HeapFree
HeapAlloc
GetProcessHeap
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GetEnvironmentVariableA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
FormatMessageA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetWaitableTimer
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
TlsGetValue
SleepEx
SetEvent
CreateEventW
CreateIoCompletionPort
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
VerSetConditionMask
QueueUserAPC
TerminateThread
WaitForMultipleObjects
TlsFree
TlsAlloc
CreateWaitableTimerA
RaiseException
InitializeCriticalSectionEx
DecodePointer
GetCurrentThreadId
VirtualAlloc
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
InitializeCriticalSection
FreeLibrary
GetCurrentProcessId
DuplicateHandle
LocalFileTimeToFileTime
GetFileAttributesA
SystemTimeToFileTime
UnmapViewOfFile
GetFileInformationByHandle
CreateFileMappingA
MapViewOfFile
GetTickCount
lstrlenA
K32GetProcessImageFileNameA
FlushFileBuffers
OutputDebugStringW
MoveFileExA
WaitForSingleObjectEx
GlobalFree
CreateFileMappingW
GetSystemTime
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
FlushViewOfFile
GetFileAttributesExW
GetDiskFreeSpaceA
HeapSize
HeapValidate
GetVersionExW
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapCreate
AreFileApisANSI
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
GetCPInfo
GetStringTypeW
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
TryEnterCriticalSection
EncodePointer
GetNativeSystemInfo
GetCurrentThread
SwitchToThread
GlobalAlloc
GetSystemDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
QueryFullProcessImageNameA
lstrcmpiA
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
GetSystemInfo
OpenProcess
WaitForSingleObject
WriteFile
ReadFile
GetFileSizeEx
CreateFileA
QueryPerformanceCounter
LocalFree
LoadResource
QueryPerformanceFrequency
LockResource
GetLastError
GetModuleHandleExA
RegisterWaitForSingleObject
LocalAlloc
CreateMutexA
FindResourceA
TerminateProcess
OutputDebugStringA
GetCurrentProcess
SizeofResource
CreateThread
CloseHandle
DisableThreadLibraryCalls
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
VirtualProtect
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetStdHandle
GetFileType
WriteConsoleW
GetDriveTypeW
CreateTimerQueueTimer
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetEnvironmentVariableW
MoveFileExW
SetFilePointerEx
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
SetStdHandle
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetCurrentDirectoryA
GetProcessAffinityMask
SetThreadAffinityMask
FormatMessageW

user32

GetDesktopWindow
DefWindowProcA
GetClassNameA
LoadCursorA
RegisterClassExA
FindWindowExA
IsWindow
SetParent
GetParent
GetWindow
SetFocus
IsWindowVisible
ShowWindow
UpdateWindow
GetWindowRect
GetClassInfoExA
MoveWindow
GetAsyncKeyState
SetForegroundWindow
CallWindowProcA
BeginPaint
EndPaint
RegisterWindowMessageW
RegisterShellHookWindow
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
GetMessageA
DispatchMessageA
CloseWindow
GetDC
PtInRect
ReleaseDC
GetClientRect
SetCursor
UpdateLayeredWindow
GetCursorPos
GetClassInfoA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
PostMessageA
SendMessageA
TranslateMessage
DestroyWindow
wsprintfW
CreateWindowExA
GetWindowLongA
SetWindowLongA
GetCursorInfo
UnregisterClassA
SetWindowPos

gdi32

CreateCompatibleDC
GetObjectA
GetPixel
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateDCA
CreateDIBSection

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
CreateProcessAsUserW
OpenProcessToken
SetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
LookupAccountSidA
ConvertSidToStringSidA
LookupAccountNameA
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA

shell32

SHAppBarMessage
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHCreateDirectoryExA
SHGetPathFromIDListA

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoUninitialize

bcrypt

BCryptGetProperty
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptSetProperty
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptDestroyKey

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpQueryOption
WinHttpCrackUrl
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsA
PathStripPathA
PathCombineA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

crypt32

CertGetNameStringA

mswsock

GetAcceptExSockaddrs
AcceptEx

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM

comctl32

_TrackMouseEvent

wintrust

CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle

Exports

Exports

CmdLineCb
Start
sqlite3_csv_init
sqlite3_shathree_init

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f72a4b3e412528ab90b6fc51cfd23a6

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

bcrypt

winhttp

psapi

iphlpapi

shlwapi

userenv

crypt32

mswsock

gdiplus

comctl32

wintrust

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 446KB - Virtual size: 445KB

.data Size: 65KB - Virtual size: 89KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 91KB - Virtual size: 90KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 446KB - Virtual size: 445KB

.data
Size: 65KB - Virtual size: 89KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 91KB - Virtual size: 90KB