4ed2471c3c0820192d8816b1a476864b

Sharing

Copy URL Twitter E-mail

General

Target

4ed2471c3c0820192d8816b1a476864b
Size

126KB
MD5

4ed2471c3c0820192d8816b1a476864b
SHA1

1f7108a7792405626b375ba846ddc5cb8c9523fb
SHA256

2f9f797392110f9fad4c30ea2a8db3404db0ed7e22a73c9b038de836c1b869be
SHA512

76a1baadbd8a00247882d65d9b2f5542bca14dc37f50b6ca7a54476764b44039f14fc3931a34b687e86242a83767b9960387b09a1c72ec227b85d19eee9223f9
SSDEEP

1536:YgT2hllBD9PYyJgIVm0ub4sCmQMYn+jFeG9Z9TWpq5+VJv70Y:YgT2hlP9PzJOb4s2+jFeG97Wpq5+P7B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ed2471c3c0820192d8816b1a476864b

Files

4ed2471c3c0820192d8816b1a476864b
.dll windows:5 windows x86 arch:x86

2b1e3ddb864ac769b6b77d1f437620a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
lstrlenW
GetLastError
FindClose
GetModuleFileNameA
WinExec
GetTempPathA
DeleteFileA
CreateMutexW
GetCurrentThread
WideCharToMultiByte
LoadLibraryW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleW
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
RaiseException
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetTempFileNameW
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetTempPathW
GetCurrentProcess
GetWindowsDirectoryA
TerminateProcess
OpenMutexW
SetLastError
ExitProcess
SystemTimeToFileTime
VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
GetModuleHandleExW
FindFirstFileW
lstrcpyA
GetSystemTime
DeleteFileW
InterlockedExchange
lstrcatA
IsBadWritePtr
lstrcpynA
CreateThread
CloseHandle
WaitForMultipleObjects
MultiByteToWideChar
lstrlenA
lstrcmpiA
Sleep
GetTickCount
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapReAlloc
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

DispatchMessageW
PeekMessageW
TranslateMessage
wsprintfA
CharNextW

advapi32

RegSetValueExA
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyA
RegCreateKeyA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen
VariantClear

shlwapi

PathAddBackslashW
SHDeleteValueA
StrCatW
StrCmpNIA
StrStrIA
StrNCatW
StrCpyNW
wnsprintfA
StrCmpIW
StrStrIW
StrCmpNIW

wininet

InternetCrackUrlW
InternetOpenUrlA
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetSetOptionW
InternetReadFile

winmm

waveOutWrite

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b1e3ddb864ac769b6b77d1f437620a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 19KB - Virtual size: 22KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 19KB - Virtual size: 22KB

.reloc
Size: 10KB - Virtual size: 9KB