53a51e5308e14ba09046ba529cf2fd37

Sharing

Copy URL Twitter E-mail

General

Target

53a51e5308e14ba09046ba529cf2fd37
Size

103KB
MD5

53a51e5308e14ba09046ba529cf2fd37
SHA1

28b54cfd0db08661d9ae8c3aa2a2881dd0b3ea01
SHA256

a6fcfeee2acf9d22708178036623dcabb0cee096eb452796ced087cc54e8ef52
SHA512

3409d364445ea7ab1e5062a0da24011024a52bb0601c3c6c846de0a6080014fab41e6e22bf6380c13f093877e7eadd0246ad8bfeec5ff2cabaea9e92d7851b6c
SSDEEP

1536:BnwOOZFUTFhI7LcnUMoBelG62aRnzHbKvPzPdVmOhQdyX2:rOZmTFhI7LyXgd62ahcrPdVmOhQdyX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53a51e5308e14ba09046ba529cf2fd37

Files

53a51e5308e14ba09046ba529cf2fd37
.dll windows:5 windows x86 arch:x86

3d58ac382471628e9c3df0eb155fcc97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetVolumeNameForVolumeMountPointW
GetProcessHeap
HeapCreate
HeapDestroy
HeapReAlloc
HeapAlloc
HeapFree
IsBadReadPtr
VirtualAllocEx
VirtualProtect
Thread32Next
Thread32First
CreateProcessW
CreateThread
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
OpenMutexW
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
TerminateThread
GetStdHandle
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringW
DecodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
Sleep
lstrcmpiW
TlsFree
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
MapViewOfFile
GetCurrentThread
SetThreadPriority
SetEvent
ResetEvent
TerminateProcess
TlsSetValue
SetLastError
GetCurrentThreadId
GetTickCount
ReleaseMutex
LocalFree
GetVersionExW
CreateToolhelp32Snapshot
WaitForSingleObject
GetProcessId
GetThreadContext
SetThreadContext
TlsGetValue
GetLastError
CloseHandle
GetCurrentProcessId
TlsAlloc
VirtualFreeEx
GetModuleFileNameW
CreateEventW
GetModuleHandleW
GetProcAddress
DuplicateHandle
WriteProcessMemory

user32

DefDlgProcA
DefDlgProcW
DefFrameProcW
DefFrameProcA
CallWindowProcA
EndPaint
BeginPaint
GetDCEx
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetMessagePos
SetCursorPos
GetCursorPos
SetCapture
GetCapture
ReleaseCapture
PeekMessageW
GetMessageA
PeekMessageA
RegisterClassExA
RegisterClassExW
RegisterClassA
RegisterClassW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
OpenDesktopW
SwitchDesktop
GetMenuItemCount
GetMenuState
HiliteMenuItem
OpenInputDesktop
CreateWindowStationW
GetSystemMetrics
PostMessageW
MapVirtualKeyW
SendMessageW
IsWindow
SetWindowPos
MapWindowPoints
GetParent
GetWindowLongW
IsRectEmpty
GetWindowRect
GetClassLongW
GetWindowThreadProcessId
SendMessageTimeoutW
GetAncestor
GetWindowInfo
CallWindowProcW
PrintWindow
DefWindowProcW
EqualRect
ReleaseDC
GetDC
IntersectRect
GetMessageW
DrawEdge
FillRect
OpenWindowStationW
SetProcessWindowStation
GetProcessWindowStation
CreateDesktopW
SetThreadDesktop
CloseWindowStation
CloseDesktop
WindowFromPoint
SetWindowLongW
GetTopWindow
GetMenu
GetWindow
PostThreadMessageW
GetClassNameW
MenuItemFromPoint
EndMenu
GetSubMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuItemID
SetKeyboardState
GetShellWindow
SystemParametersInfoW
GetThreadDesktop
GetUserObjectInformationW
RegisterWindowMessageW

gdi32

GetDIBits
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
SetRectRgn
CreateCompatibleDC
DeleteDC
SaveDC
SetViewportOrgEx
RestoreDC
GdiFlush
DeleteObject
SelectObject

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW

ole32

CLSIDFromString
StringFromGUID2

ws2_32

WSAGetLastError
htons
accept
bind
listen
WSASetLastError
socket
closesocket
send
select
recv
WSACleanup
WSAStartup

shlwapi

PathAddBackslashW
wvnsprintfW
PathCombineW
PathRemoveFileSpecW
PathRemoveBackslashW

ntdll

RtlUnwind

Exports

Exports

StartHiddenVNC

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d58ac382471628e9c3df0eb155fcc97

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

ntdll

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

code Size: 8KB - Virtual size: 7KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 59KB - Virtual size: 58KB

code
Size: 8KB - Virtual size: 7KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 6KB - Virtual size: 6KB