511b7ab659f129615e5e9a12c9beef29

Sharing

Copy URL Twitter E-mail

General

Target

511b7ab659f129615e5e9a12c9beef29
Size

152KB
MD5

511b7ab659f129615e5e9a12c9beef29
SHA1

85a4e642f184dbc496fb15b333e3759749c0841d
SHA256

8d7fe97ac762949e39f99ec0d6ddcc0ed7865213b61e9b421882cb3c79333a3a
SHA512

d9123030934980d3d344943da58d0eeaad1d2f6b42a698d21812dbf3350538856959a7690d6475fa91dd5023b4230e2736a826e12fa458148ca0ff5d0a20e9b6
SSDEEP

3072:ycICvGiO1k8j0yliY4787DRddzOAyRJJsyDrGIKGK/rFMlusv5gSwW:7D1OiY5wJJsynGRrFMgsv4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
511b7ab659f129615e5e9a12c9beef29

Files

511b7ab659f129615e5e9a12c9beef29
.dll windows:4 windows x86 arch:x86

8982aa05f825568dd04b742afb5d6db2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
GetModuleHandleA
Sleep
CopyFileA
LocalFree
OpenEventA
GlobalAlloc
GetModuleFileNameA
WriteProcessMemory
WaitForSingleObject
CreateFileMappingA
ReadProcessMemory
MapViewOfFile
CloseHandle
CreateFileA
SetLastError
GetComputerNameA
TerminateProcess
GetTickCount
ExitProcess
WriteFile
InterlockedIncrement
InterlockedCompareExchange
OpenFileMappingA
HeapFree
CreateDirectoryA
HeapAlloc
CreateProcessA
UnmapViewOfFile
LoadLibraryA
LeaveCriticalSection
GetLastError
InterlockedDecrement
GetCurrentProcess
GetCommandLineA
GetProcAddress
CreateMutexW
GetProcessHeap
GlobalFree
GetVolumeInformationA
EnterCriticalSection

ole32

CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoInitialize
OleSetContainedObject
CoSetProxyBlanket
CoCreateInstance
OleCreate

user32

DestroyWindow
ScreenToClient
RegisterWindowMessageA
PeekMessageA
PostQuitMessage
SetTimer
GetParent
GetSystemMetrics
GetWindow
CreateWindowExA
ClientToScreen
GetWindowThreadProcessId
SetWindowsHookExA
KillTimer
UnhookWindowsHookEx
FindWindowA
DispatchMessageA
GetClassNameA
SetWindowLongA
GetCursorPos
SendMessageA
GetMessageA
TranslateMessage
GetWindowLongA
DefWindowProcA

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
OpenProcessToken
SetTokenInformation
RegDeleteValueA

shell32

SHGetFolderPathA

Exports

Exports

DfrgNetpnp

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 953B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8982aa05f825568dd04b742afb5d6db2

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 953B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 953B

.reloc
Size: 8KB - Virtual size: 6KB