5f3892bb14faef2d53fa25c5b7edaf89ec409d65bb83d1216181df2615207888

Sharing

Copy URL Twitter E-mail

General

Target

5f3892bb14faef2d53fa25c5b7edaf89ec409d65bb83d1216181df2615207888
Size

3.6MB
MD5

8207e5b06c9b150daca055635bee6fbe
SHA1

c44352361c7182ef69b2b3bdc3b8a4fcd1ee259b
SHA256

5f3892bb14faef2d53fa25c5b7edaf89ec409d65bb83d1216181df2615207888
SHA512

e7e898d7f6156d249dd25c04165a356bde2804ed49a21a1f5e7ad9c7c0980df3359076c85c46f513c7028f643332b5e61cedcfaf2f792ea856c7ba06c53d2ba7
SSDEEP

49152:WGtlqb6VwASOa4IU6ijj3Pqim1l+BvoTE+RDIg/7ovC2P0YcwsSZjSfGPAkZyf2H:aH+jfXkD6NPNsSRSNkZ0lCDtmIOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f3892bb14faef2d53fa25c5b7edaf89ec409d65bb83d1216181df2615207888

Files

5f3892bb14faef2d53fa25c5b7edaf89ec409d65bb83d1216181df2615207888
.dll regsvr32 windows:6 windows x64 arch:x64

7e0b97ba8693ca005f25ec5ade2300f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetFileTime
GetFileType
GetFileInformationByHandle
GetFileInformationByHandleEx
FreeResource
GetSystemInfo
VirtualFree
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
GetDateFormatEx
GetTimeFormatEx
QueryPerformanceCounter
GetCurrentDirectoryW
CancelIo
GetUserPreferredUILanguages
GetLocaleInfoEx
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetFullPathNameW
OpenMutexW
GetEnvironmentVariableW
SetFileInformationByHandle
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetProcAddress
LoadLibraryA
GetModuleHandleA
CopyFileW
SetEndOfFile
SetFilePointer
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
WriteConsoleW
FindFirstFileExW
GetFinalPathNameByHandleW
ReplaceFileW
SetFileValidData
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetStdHandle
GetConsoleOutputCP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
ReadFile
SetLastError
LocalFree
GetCurrentThreadId
GetLastError
DeleteFileW
MoveFileExW
CreateDirectoryW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
WriteFile
SetNamedPipeHandleState
CreateFileW
Sleep
CloseHandle
CreateProcessW
GetModuleHandleExW
lstrcpynW
lstrcpynA
GetFileAttributesW
LoadResource
LockResource
SizeofResource
FindResourceW
HeapFree
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleHandleW
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetACP
GetSystemDirectoryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TryAcquireSRWLockExclusive
GetStringTypeW
WakeAllConditionVariable
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx

user32

GetUserObjectInformationW
GetSystemMetrics
InsertMenuW
SetMenuInfo
SetMenuItemInfoW
CreateIconIndirect
ReleaseDC
GetDC
DestroyIcon
GetProcessWindowStation
GetIconInfo
MessageBoxW
LoadImageW

gdi32

DeleteDC
PatBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateBitmap

ws2_32

inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
recv
send
closesocket
connect
select
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
ntohs
htonl
inet_ntop
getsockopt
htons
setsockopt
socket
shutdown
gethostbyname
ioctlsocket
ntohl

shell32

ord727
DuplicateIcon
SHChangeNotify
SHGetSpecialFolderPathW
DragQueryFileW
SHGetFileInfoW
SHGetStockIconInfo

advapi32

GetAce
CryptSignHashW
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetUserNameW
GetSecurityInfo
SetSecurityDescriptorControl
DeleteAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
EqualSid
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptEnumProvidersW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

gdiplus

GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipDrawArcI
GdipDrawEllipseI
GdipFillEllipseI
GdipCloneBitmapAreaI
GdiplusStartup
GdipDeleteGraphics

shlwapi

PathFindExtensionW

mpr

WNetGetUniversalNameW

ntdll

RtlAllocateHeap
RtlFreeHeap

ncrypt

BCryptGenRandom

Exports

Exports

DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetExtVersion

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e0b97ba8693ca005f25ec5ade2300f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shell32

advapi32

crypt32

gdiplus

shlwapi

mpr

ntdll

ncrypt

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 828KB - Virtual size: 828KB

.data Size: 24KB - Virtual size: 75KB

.pdata Size: 112KB - Virtual size: 111KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 376KB - Virtual size: 376KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 828KB - Virtual size: 828KB

.data
Size: 24KB - Virtual size: 75KB

.pdata
Size: 112KB - Virtual size: 111KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 376KB - Virtual size: 376KB

.reloc
Size: 37KB - Virtual size: 36KB